Using Roundcube with cyrus?

Patrick Boutilier boutilpj at ednet.ns.ca
Tue Feb 3 08:28:56 EST 2015 

On 02/03/2015 09:20 AM, Patrick Goetz wrote:
> This is a bit off topic, but is anyone using Roundcube webmail with
> cyrus?  I've lost most of my hair trying to get this to work, and
> although it is working now, I'm not sure my fix is the correct way to
> solve the problem.
>
> Context:
> I only allow plain text STARTTLS connections to the imap server:
> /etc/cyrus/imap.conf:
>
>     allowplaintext: no (as per the default)
>     sasl_mech_list: PLAIN
>     sasl_pwcheck_method: saslauthd
>     tls_cert_file: /etc/ssl/certs/ssl-cert-cyrus.episcopalarchives.org.pem
>     tls_cipher_list:  TLSv1+HIGH:!aNull:@STRENGTH
>
>
> Here is the relevant PHP configuration from Roundcube's config.php.conf:
>
>     $config['default_host'] = 'tls://mail.episcopalarchives.org';
>     $config['imap_conn_options'] = array(
>         'ssl'  => array(
>           'verify_peer'  => true,
>           'allow_self_signed' => true,
>           'ciphers' => 'TLSv1+HIGH:!aNull:@STRENGTH',
>           'peer_name' => 'mail.episcopalarchives.org',
>           'cafile'   =>
> '/etc/ssl/certs/ssl-cert-cyrus.episcopalarchives.org.pem',
>         ),
>     );
>
>
> I tried multiple combinations of PHP connection options as documented on
> this page:  http://php.net/manual/en/context.ssl.php
>
> No matter what I changed in the Roundcube PHP configuration, I would
> alway get this error message in the cyrus error logs:
>
> Feb 03 01:06:40 www cyrus/imap[29622]: starttls: TLSv1.2 with cipher
> DHE-RSA-AES128-SHA (128/128 bits new) no authentication
> Feb 03 01:06:40 www cyrus/imap[29622]: badlogin:
> www.episcopalarchives.org [216.82.212.230] PLAIN [SASL(-13):
> authentication failure: cross-realm login pgoetz at episcopalarchives.org
> denied]
>
> After a little googling I added this to /etc/cyrus/imapd.conf:
>
>     defaultdomain: episcopalarchives.org
>     virtdomains: on
>
>
> Now I can authenticate through Roundcube, but this solution seems a
> little weird to me, since I'm in particular *not* using virtual domains
> on this server.
>
> Question:  is it really necessary to turn virtual domains on to get PHP
> webmail authentication to work, or is there another way to do this?
>
> Related question:  what are people using for webmail these days?  I was
> shocked to see that php-horde isn't even packaged for Arch linux.
>

Are you using pgoetz at episcopalarchives.org as the userid or is Roundcube 
appending the domain automatically?








>
>
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: boutilpj.vcf
Type: text/x-vcard
Size: 286 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20150203/b246dc26/attachment.vcf

More information about the Info-cyrus mailing list