SASLAUTH and cyrus
Alexander Dalloz
ad+lists at uni-x.org
Sat Jul 23 16:52:10 EDT 2011
Am 23.07.2011 08:42, schrieb Maria McKinley:
> Thanks Alexander.
>
> auth sufficient pam_unix.so
> auth sufficient pam_ldap.so try_first_pass
> auth required pam_deny.so
> account sufficient pam_unix.so
> account sufficient pam_ldap.so
> account required pam_deny.so
>
> So, I checked in ldap, and the postmaster user exists, but not the cyrus
> user. So, that seems to be why I can't authenticate as cyrus. So the
> user cyrus does exist, but not in ldap. Not sure how important it is
> that cyrus exists in ldap, since things seem to be working fine (I use
> the postmaster user for logging into cyradm anway), and I don't think
> that has anything to do with the error message I'm seeing.
Great you figured out that part.
> Jul 22 08:41:59 ella cyrus/imaps[29387]: Fatal error:
> tls_start_servertls() failed
>
> This does not seem to affect accessing mail, but still I find it
> worrisome when I run across it in the logfiles. It seems I must have
> something configured incorrectly, but not sure where to go from here.
Unfortunately you did not provide details about your cyrus-imapd setup
regarding IMAP/POP3 service, as much as I can see. I mean your cyrus.conf.
Are you running IMAP/POP3 on TLS or SSL?
Can it be that clients try to access the SSL service by trying TLS? That
could explain the error loggings.
You can test that yourself, if you run IMAP/SSL or POP3/SSL.
openssl s_client -connect <yourhost>:993 -starttls imap
That should generate the same error you see in your log. Don't know how
big your environment is and how many clients connect. If it is just you,
then verify the settings of your MUA.
> ~maria
Alexander
More information about the Info-cyrus
mailing list