TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication

Ivan R. Sy Jr. isy at infoweapons.com
Fri Sep 30 09:30:12 EDT 2005


Hi all,

I need a clue and guidance.

I've used the saslauthd pam mech to pull out credentials from AD and that 
works nicely.
Some problems with TLS, I need guidance and a clue.

Here are the logs from starting the imap server and a 'testuser' 
connecting to imaps using a mail client that is configured to use 'use 
secure authentication' (in Thunderbird) and secure connection. It won't 
work and I can't view the mailbox.

The logs give me this error:

starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication

But whenever I only choose use secure connection (SSL) it will give me 
this error, but I can view the mailbox OK. Seems like TLS didn't work.

I followed the documentation from the official Cyrus docs, and I need to use 
TLS and not a plaintext+TLS combo. I bet that cyrus-imapd supports 
secure authentication, any leads on this?

logs:

Sep 30 20:40:04 mail imaps[41090]: executed
Sep 30 20:40:04 mail imaps[41090]: accepted connection
Sep 30 20:40:04 mail imaps[41090]: mystore: starting txn 2147483650
Sep 30 20:40:04 mail imaps[41090]: mystore: committing txn 2147483650
Sep 30 20:40:04 mail imaps[41090]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
Sep 30 20:40:08 mail pam_winbind[40911]: user 'testuser' granted access
Sep 30 20:40:08 mail kernel: Sep 30 20:40:08 mail pam_winbind[40911]: user 'testuser' granted access
Sep 30 20:40:08 mail pam_winbind[40911]: user 'testuser' granted access
Sep 30 20:40:08 mail imaps[41090]: login: [2001:ec9:4007:0:dead::beef] testuser plaintext+TLS User logged in
Sep 30 20:40:08 mail imaps[41090]: skiplist: recovered /var/imap/user/t/testuser.seen (2 records, 4328 bytes) in 0 seconds
Sep 30 20:40:08 mail imaps[41090]: seen_db: user testuser opened /var/imap/user/t/testuser.seen
Sep 30 20:40:08 mail imaps[41090]: open: user testuser opened INBOX

the config file
#cat /usr/local/etc/imapd.conf
servername: mail.domain.com
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus
sasl_pwcheck_method: saslauthd
sasl_mech_list: pam
sasl_minimum_layer: 1
sendmail: /usr/local/sbin/sendmail
singleinstancestore: yes
lmtp_admins: cyrus
imap_admins: cyrus
lmtpsocket: /var/imap/socket/lmtp
lmtp_downcase_rcpt: yes
notifysocket: /usr/local/cyrus/bin/notifyd
autocreateinboxfolders: Sent|Drafts|Trash
autosubscribeinboxfolders: Sent|Drafts|Trash
createonpost: yes
autocreatequota: 10485760
allowanonymouslogin: 0
tls_ca_file: /var/imap/ssl/ca-cert
tls_cert_file: /var/imap/ssl/server.pem
tls_key_file: /var/imap/ssl/server.pem

cyrus.conf
is the default, but I commented out imap, to give way to only imaps
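
Added example, not part of the original post: a small log audit that pairs each "login:" line with the "starttls:" line written earlier by the same process, so the mechanism field (here "plaintext+TLS") and the negotiated TLS parameters can be read together. The line formats are inferred from the log lines in the post, and the sample input is constructed from them with the mail-client wraps rejoined.

```python
import re

# Constructed sample: lines from the post's log, with line wraps rejoined.
SAMPLE_LOG = """\
Sep 30 20:40:04 mail imaps[41090]: accepted connection
Sep 30 20:40:04 mail imaps[41090]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
Sep 30 20:40:08 mail pam_winbind[40911]: user 'testuser' granted access
Sep 30 20:40:08 mail imaps[41090]: login: [2001:ec9:4007:0:dead::beef] testuser plaintext+TLS User logged in
"""

# Patterns inferred from the two line shapes shown in the post (an assumption,
# not taken from the Cyrus documentation).
PREFIX = r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<svc>\w+)\[(?P<pid>\d+)\]: "
TLS_RE = re.compile(PREFIX + r"starttls: (?P<proto>\S+) with cipher (?P<cipher>\S+) "
                    r"\((?P<used>\d+)/(?P<alg>\d+) bits (?P<session>\w+)\) (?P<tls_auth>.+)$")
LOGIN_RE = re.compile(PREFIX + r"login: \[(?P<addr>[^\]]+)\] (?P<user>\S+) "
                      r"(?P<mech>\S+) (?P<result>.+)$")

def audit_logins(log_text):
    """Pair each login line with the TLS session logged by the same process."""
    tls_by_proc = {}   # (service, pid) -> fields of that process's starttls line
    report = []
    for line in log_text.splitlines():
        m = TLS_RE.match(line)
        if m:
            tls_by_proc[(m["svc"], m["pid"])] = m.groupdict()
            continue
        m = LOGIN_RE.match(line)
        if not m:
            continue   # pam_winbind, skiplist, seen_db and other lines
        tls = tls_by_proc.get((m["svc"], m["pid"]))
        mech, _, layer = m["mech"].partition("+")
        report.append({
            "user": m["user"], "addr": m["addr"],
            "mech": mech,                        # "plaintext" in the post's log
            "tls_on_login_line": layer == "TLS",
            "tls_proto": tls["proto"] if tls else None,
            "cipher": tls["cipher"] if tls else None,
            "tls_auth": tls["tls_auth"] if tls else None,  # trailing text of the starttls line
            # A plaintext login with no TLS recorded anywhere is the case to flag.
            "cleartext_password": mech == "plaintext" and tls is None and layer != "TLS",
        })
    return report

if __name__ == "__main__":
    for row in audit_logins(SAMPLE_LOG):
        print(row)
```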


