[horde] Horde can not login.

s-beutel at gmx.de s-beutel at gmx.de
Tue Jan 14 10:49:32 PST 2003


> > Can I use set horde to authenticate itself using imap driver without
> imp? I
> > does not install imp. I install only horde and chora. I have to
> authenticate
> > user becuase I don't want everybody access to my CVS. Here is my
> > configuration of horde:
> > 
> > $conf['auth']['driver'] = 'imap';
> > $conf['auth']['params'] = array();
> > $conf['auth']['params']['dsn'] =
> '{localhost.localdomain:143/imap}INBOX';
> 
Basically, you are on the right way: this is the correct place to define
that login...
> 
> > The log shows that horde sends encrypt to imap. However, I can not
> disable
> > this crypt message. Here is the excerpt of log:
> > Tue 2003-01-14 20:47:19: [516:5] Accepting IMAP connection from
> > [158.108.32.45]
> > Tue 2003-01-14 20:47:19: [516:5] * OK company.mail IMAP4rev1 MDaemon
> 6.5.1
> > ready
> > Tue 2003-01-14 20:47:19: [516:5] 00000000 CAPABILITY
> > Tue 2003-01-14 20:47:19: [516:5] * CAPABILITY IMAP4rev1 NAMESPACE
> > AUTH=CRAM-MD5 IDLE ACL
> > Tue 2003-01-14 20:47:19: [516:5] 00000000 OK CAPABILITY completed
> > Tue 2003-01-14 20:47:19: [516:5] 00000001 AUTHENTICATE CRAM-MD5
> 


> CRAM-MD5 is a particular (SASL) authentication and needs a particular
> setup. Have you carried out this setup? Because if not, even if you
> carry out the above step, you will still not be able to log in, even
> though you do what Eric suggested.
> 
To give you some information: this is due to a moreless cyrus specialty.
While many IMAP servers authenticate users with a plain text login or are ssl
secured, cyrus wants to authenticate with SASL which is some encrypted auth
(search the wab for details). The point is that this behaviour is crucial in the
combination of cyrus and a php imap solution using the actual c-client
library. The mail server propagates the ways he can and/or want authenticate
users, and the mail client chooses that one he can/will handle. Most mail clients
have no probs with cyrus, c-client has afaik just probs with that SASL auth.

Thus, the possible ways are as follows:

-  try authenticate with TLS or ssl/selfcert. Eric gave you the hint. In
detail, try '{localhost.localdomain:993/imap/ssl/novalidate-cert}INBOX' 
Furthermore, cyrus' normal mailbox folder name is INBOX. (note the trailing dot).
Try this, too.
-  wait for a newer c-client, watch the web for any news
-  set up another mail server (uw imap is really a good choice)
-  work with your cyrus. Searching the web upon this is helpful. Someone
suggested to remove the sasldb subdir, restart cyrus - and it will stop
propagating this sasl auth. But be sure you know what you're doing: you give up a
secure auth.

Some links: 
http://lists.horde.org/archives/imp/Week-of-Mon-20011203/015880.html
http://lists.horde.org/archives/bugs/Week-of-Mon-20020204/001995.html
http://lists.horde.org/archives/bugs/Week-of-Mon-20020204/001997.html
http://www.irbs.net/internet/info-cyrus/0112/0185.html

I know some of them are a bit outdated but will help understanding the
issue. Especially the last will tell you much... (scroll down to the bottom).

> What Horde and Imp versions? With HEAD you can carry out Imp tests in
> advance.
> 
> > Would you please tell me how to solve this problem?
> 
> You need to find out a lot more about how SSL/TLS and certificates work.
> You need to find out a lot more about how the software you've installed
> works. You need to find out more about how IMAPv4 works. Until you've
> done this, you won't solve your problem.
> 
> The best thing you can do, is to compile and install your own IMAPv4 and
> Openssl software, learn to understand and configure both of them.
> 
> In fact, UW IMAPv4 has good documentation, is easier to understand than
> Cyrus or Courier and can be compiled with any options you choose. You
> don't have to enable SSL encryption or any other autorization than plain
> passwords. At least it's a start.
> 

This is certainly the best approach, but maybe some of my hints are helpful.
Getting something to work properly sometimes encourages more than searching
for a bug, and searching, and searching...

Kind regards to Theresa _and_ to Tony,

Sebastian



More information about the horde mailing list