Authentication problem
Stephen Liu
satimis at yahoo.com
Mon Jun 9 05:04:12 EDT 2008
--- Simon Matter <simon.matter at invoca.ch> wrote:
- snip -
> > Please advise where shall I check and how to fix the problem. TIA
>
> You should post your configs (/etc/cyrus.conf and /etc/imapd.conf)
> which
> will make it easier for someone to help you.
Hi Simon,
cyrus.conf and imapd.conf are as follows. Those lines, commented out,
have been deleted to shorten the length of this posting.
$ cat /etc/cyrus.conf
# Debian defaults for Cyrus IMAP server/cluster implementation
# see cyrus.conf(5) for more information
#
# All the tcp services are tcpd-wrapped. see hosts_access(5)
# $Id: cyrus.conf 120 2005-05-01 03:23:18Z sven $
START {
# do not delete this entry!
recover cmd="/usr/sbin/ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
# this is NOT to be enabled right now in Debian builds
#idled cmd="idled"
# this is useful on backend nodes of a Murder cluster
# it causes the backend to syncronize its mailbox list with
# the mupdate master upon startup
#mupdatepush cmd="/usr/sbin/ctl_mboxlist -m"
# this is recommended if using duplicate delivery suppression
delprune cmd="/usr/sbin/ctl_deliver -E 3"
# this is recommended if caching TLS sessions
tlsprune cmd="/usr/sbin/tls_prune"
}
# UNIX sockets start with a slash and are absolute paths
# you can use a maxchild=# to limit the maximum number of forks of a
service
# you can use babysit=true and maxforkrate=# to keep tight tabs on the
service
# most services also accept -U (limit number of reuses) and -T
(timeout)
SERVICES {
# --- Normal cyrus spool, or Murder backends ---
# add or remove based on preferences
imap cmd="imapd -U 30" listen="imap" prefork=0
maxchild=100
imaps cmd="imapd -s -U 30" listen="imaps" prefork=0
maxchild=100
#pop3 cmd="pop3d -U 30" listen="pop3" prefork=0
maxchild=50
#pop3s cmd="pop3d -s -U 30" listen="pop3s" prefork=0
maxchild=50
#nntp cmd="nntpd -U 30" listen="nntp" prefork=0
maxchild=100
#nntps cmd="nntpd -s -U 30" listen="nntps" prefork=0
maxchild=100
# At least one form of LMTP is required for delivery
# (you must keep the Unix socket name in sync with imap.conf)
#lmtp cmd="lmtpd" listen="localhost:lmtp" prefork=0
maxchild=20
lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp"
prefork=0 maxchild=20
# ----------------------------------------------
# useful if you need to give users remote access to sieve
# by default, we limit this to localhost in Debian
sieve cmd="timsieved" listen="localhost:sieve"
prefork=0 maxchild=100
# this one is needed for the notification services
notify cmd="notifyd"
listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1
# --- Murder frontends -------------------------
- snip -
# ----------------------------------------------
}
EVENTS {
# this is required
checkpoint cmd="/usr/sbin/ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery
suppression
delprune cmd="/usr/sbin/ctl_deliver -E 3" at=0401
# this is only necessary if caching TLS sessions
tlsprune cmd="/usr/sbin/tls_prune" at=0401
}
admins: cyrus
unixhierarchysep: 1
* end *
$ cat /etc/imapd.conf
# Debian Cyrus imapd.conf
# $Id: imapd.conf 229 2005-12-08 23:26:29Z astronut $
# See imapd.conf(5) for more information and more options
# Configuration directory
configdirectory: /var/lib/cyrus
# Which partition to use for default mailboxes
defaultpartition: default
partition-default: /var/spool/cyrus/mail
# News setup
partition-news: /var/spool/cyrus/news
newsspool: /var/spool/news
# Alternate namespace
# If enabled, activate the alternate namespace as documented in
# /usr/share/doc/cyrus-doc-2.2/html/altnamespace.html, where an user's
# subfolders are in the same level as the INBOX
# See also userprefix and sharedprefix on imapd.conf(5)
altnamespace: no
# UNIX Hierarchy Convention
# Set to yes, and cyrus will accept dots in names, and use the forward
# slash "/" to delimit levels of the hierarchy. This is done by
converting
# internally all dots to "^", and all "/" to dots. So the
"rabbit.holes"
# mailbox of user "helmer.fudd" is stored in
"user.elmer^fud.rabbit^holes"
unixhierarchysep: yes
- snip -
# Uncomment the following and add the space-separated users who
# have admin rights for all services.
admins: cyrus
- sni -
# No anonymous logins
#allowanonymouslogin: no
allowanonymouslogin: yes
# Minimum time between POP mail fetches in minutes
popminpoll: 1
# If nonzero, normal users may create their own IMAP accounts by
creating
# the mailbox INBOX. The user's quota is set to the value if it is
positive,
# otherwise the user has unlimited quota.
autocreatequota: 0
# umask used by Cyrus programs
umask: 077
- snip -
# If enabled, cyrdeliver will look for Sieve scripts in user's home
# directories: ~user/.sieve.
sieveusehomedir: false
# If sieveusehomedir is false, this directory is searched for Sieve
scripts.
sievedir: /var/spool/sieve
- snip -
# If enabled, the partitions will also be hashed, in addition to the
hashing
# done on configuration directories. This is recommended if one
partition has a
# very bushy mailbox tree.
hashimapspool: true
# Allow plaintext logins by default (SASL PLAIN)
allowplaintext: yes
# Force PLAIN/LOGIN authentication only
# (you need to uncomment this if you are not using an auxprop-based
SASL
# mechanism. saslauthd users, that means you!). And pay attention to
# sasl_minimum_layer and allowapop below, too.
#sasl_mech_list: PLAIN
- snip -
# Do note that, since sasl will be run as user cyrus, you may have a
lot of
# trouble to set this up right.
#sasl_pwcheck_method: auxprop
sasl_pwcheck_method: saslauthd
# What auxpropd plugins to load, if using sasl_pwcheck_method: auxprop
# by default, all plugins are tried (which is probably NOT what you
want).
#sasl_auxprop_plugin: sasldb
# If enabled, the SASL library will automatically create authentication
secrets
# when given a plaintext password. Refer to SASL documentation
sasl_auto_transition: no
#
# SSL/TLS Options
#
- snip -
# File containing one or more Certificate Authority (CA) certificates.
#tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem
# Path to directory with certificates of CAs.
tls_ca_path: /etc/ssl/certs
# The length of time (in minutes) that a TLS session will be cached for
later
# reuse. The maximum value is 1440 (24 hours), the default. A value
of 0 will
# disable session caching.
tls_session_timeout: 1440
# The list of SSL/TLS ciphers to allow, in decreasing order of
precedence.
# The format of the string is described in ciphers(1). The Debian
default
# selects TLSv1 high-security ciphers only, and removes all anonymous
ciphers
# from the list (because they provide no defense against
man-in-the-middle
# attacks). It also orders the list so that stronger ciphers come
first.
tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
- snip -
## KEEP THESE IN SYNC WITH cyrus.conf
##
# Unix domain socket that lmtpd listens on.
lmtpsocket: /var/run/cyrus/socket/lmtp
# Unix domain socket that idled listens on.
idlesocket: /var/run/cyrus/socket/idle
# Unix domain socket that the new mail notification daemon listens on.
notifysocket: /var/run/cyrus/socket/notify
# Syslog prefix. Defaults to cyrus (so logging is done as cyrus/imap
etc.)
syslog_prefix: cyrus
- snip -
* end *
B.R.
Stephen L
Send instant messages to your online friends http://uk.messenger.yahoo.com
More information about the Info-cyrus
mailing list