Disable client authentication with certificates

Stefan Gofferje lists at home.gofferje.net
Tue Dec 3 12:52:06 EST 2013


On 12/03/2013 04:39 PM, Dan White wrote:
> What log entries do you see during TLS authentication?

Dec  3 19:13:10 home imap[17224]: SSL_accept() succeeded -> done
Dec  3 19:13:10 home imap[17224]: starttls: TLSv1 with cipher
DHE-RSA-CAMELLIA256-SHA (256/256 bits new) no authentication
Dec  3 19:13:10 home imap[17224]: fetching user_deny.db entry for 'xxxxxxxx'
Dec  3 19:13:10 home imap[17224]: login: enterprise.net.loc
[xxx.xxx.xxx.xxx] xxxxxxxx plain+TLS User logged in
Dec  3 19:13:10 home imap[17224]: fetching user_deny.db entry for 'xxxxxxxx'
Dec  3 19:13:10 home imap[17224]: created decompress buffer of 4102 bytes
Dec  3 19:13:10 home imap[17224]: created compress buffer of 4102 bytes
Dec  3 19:13:10 home imap[17224]: fetching user_deny.db entry for 'xxxxxxxx'
Dec  3 19:13:10 home imap[17224]: client id: "name" "Thunderbird"
"version" "24.1.0"
Dec  3 19:13:10 home imap[17224]: fetching user_deny.db entry for 'xxxxxxxx'
Dec  3 19:13:10 home imap[17224]: fetching user_deny.db entry for 'xxxxxxxx'
Dec  3 19:13:10 home imap[17224]: fetching user_deny.db entry for 'xxxxxxxx'
Dec  3 19:13:10 home imap[17225]: fetching user_deny.db entry for 'xxxxxxxx'
Dec  3 19:13:10 home imap[17225]: seen_db: user xxxxxxxx opened
/var/lib/imap/user/s/xxxxxxxx.seen
Dec  3 19:13:10 home imap[17224]: fetching user_deny.db entry for 'xxxxxxxx'
Dec  3 19:13:10 home imap[17224]: fetching user_deny.db entry for 'xxxxxxxx'
Dec  3 19:13:10 home imap[17224]: seen_db: user xxxxxxxx opened
/var/lib/imap/user/s/sgofferj.seen
Dec  3 19:13:10 home imap[17225]: open: user xxxxxxxx opened INBOX
Dec  3 19:13:10 home imap[17225]: fetching user_deny.db entry for 'xxxxxxxx'

> Verify that this is a server side problem with imtest.

Unfortunately, I don't know how to use imtest, nor do I speak IMAP
fluently so I could test with netcat...

On my Android, I use K9-mail and that does not ask which client
certificate to use but it could be that K9 doesn't support certificate
authentication anyway plus I don't have any client certificates
installed there...

-S

-- 
 (o_   Stefan Gofferje            | SCLT, MCP, CCSA
 //\   Reg'd Linux User #247167   | VCP #2263
 V_/_  Heckler & Koch - the original point and click interface


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4079 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20131203/a2384442/attachment.bin 


More information about the Info-cyrus mailing list