doc:appunti:linux:sa:authdaemon_problem

Differences

This shows you the differences between two versions of the page.

doc:appunti:linux:sa:authdaemon_problem [2011/07/26 10:46] – [Crittografia TLS] niccolo
doc:appunti:linux:sa:authdaemon_problem [2019/04/03 18:59] (current) niccolo
Line 58: Line 58:
 +OK Begin SSL/TLS negotiation now. +OK Begin SSL/TLS negotiation now.
 </code> </code>
 +
 ===== Tracing the Courier authdaemon socket ===== ===== Tracing the Courier authdaemon socket =====
  
Line 74: Line 75:
 my $line; my $line;
 my $auth_string; my $auth_string;
 +
 +if ( $#ARGV != 1 ) {
 +    print "Usage: courier-authdaemon-test [login] [password]\n";
 +    exit 1;
 +}
  
 socket(SOCK, PF_UNIX, SOCK_STREAM, 0) || die "socket: $!"; socket(SOCK, PF_UNIX, SOCK_STREAM, 0) || die "socket: $!";
 connect(SOCK, sockaddr_un($socket))   || die "connect: $!"; connect(SOCK, sockaddr_un($socket))   || die "connect: $!";
  
-$line = "exim\nlogin\n$login\n$pass\n";+$line = "postfix\nlogin\n$login\n$pass\n";
 $line = length($line) . "\n" . $line; $line = length($line) . "\n" . $line;
 print "=== Send to socket:\n" . $line; print "=== Send to socket:\n" . $line;
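Review bot: the new usage check makes the password a command-line argument (`[login] [password]`), so it can be seen by other local users in the process list and is saved in shell history; read it from STDIN or prompt for it with echo disabled, and keep only the login in @ARGV. The unchanged `print "=== Send to socket:\n" . $line;` also echoes the cleartext password to the terminal, so mask that field in the trace output. The usage message should go to STDERR, and since this change swaps the hard-coded service name from `exim` to `postfix`, consider making it an optional argument instead of editing the script for each MTA.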
Line 175: Line 181:
 How to authenticate users with a login name like **user@doamain.org**, instead of the Unix system name (Debian GNU/Linux 4.0 Etch). How to authenticate users with a login name like **user@doamain.org**, instead of the Unix system name (Debian GNU/Linux 4.0 Etch).
  
-Compile a password file **''/etc/courier/userdb''** with all the relevant information (**do not break the line!**):+Create a password file **''/etc/courier/userdb''** with all the relevant information (**do not break the line!**):
  
 <file> <file>
-info@2domain.org uid=1086|gid=1086|home=/home/info|shell=/bin/false+info@2domain.org    uid=1086|gid=1086|home=/home/info|shell=/bin/false
     |systempw=$1$GiNkrEZX$UTOWQkZZf0pp2TEOuyEu1/|mail=/home/info/Maildir     |systempw=$1$GiNkrEZX$UTOWQkZZf0pp2TEOuyEu1/|mail=/home/info/Maildir
 </file> </file>
 +
 +**WARNING:** after the login name there must be a **tab character**, not spaces.
 +
 +Compile the file with **''makeuserdb''**.
  
 Add the **authuserdb** module to the **authmodulelist** into configuration file **''/etc/courier/authdaemonrc''**: Add the **authuserdb** module to the **authmodulelist** into configuration file **''/etc/courier/authdaemonrc''**:
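Review bot: the added `makeuserdb` step should also state the expected ownership and mode of `/etc/courier/userdb`, because each record carries a `systempw=` password hash; document something like root-owned and mode 600 before the compile step. The sample hash uses the `$1$` (MD5-crypt) prefix, so mark it as a sample value or show a stronger scheme to keep readers from copying it as is. The example record is still displayed on two lines directly after "do not break the line!"; say explicitly that the second line is only wrapped for display. The context line above still has the typo `user@doamain.org`.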
Line 190: Line 200:
 Reload the courier-authdaemon. Reload the courier-authdaemon.
  
 +===== Problema con dhparams.pem e SSL =====
 +
 +Facendo un aggiornamento Debian da Wheezy a Jessie la connessione cifrata SSL di IMAP e POP3 smette di funzionare. Pare che il problema sia nella lunghezza del file **''/etc/courier/dhparams.pem''**, che con la nuova versione deve essere di almeno 2048 bit. Nei file di log si trova:
 +
 +<file>
 +couriertls: accept: error:14094417:SSL routines:SSL3_READ_BYTES:sslv3 alert illegal parameter
 +</file>
 +
 +
 +Vedere i due bug report: [[https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787579|#787579]] e [[https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741620|#741620]]. Per generare un file nuovo:
 +
 +<code>
 +DH_BITS=2048 mkdhparams
 +</code>
 +
 +oppure
 +
 +<code>
 +cd /etc/courier/
 +openssl dhparam -out dhparams.pem 2048
 +</code>
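Review bot: neither command in the new dhparams section is followed by a verification or restart step, so a reader cannot tell whether the fix took effect. After `openssl dhparam -out dhparams.pem 2048`, add a check of the parameter size (`openssl dhparam -in dhparams.pem -noout -text`), state the expected owner and permissions of the regenerated file, and mention restarting the Courier IMAP/POP3 SSL services. The text introduces the cause with "Pare che"; since the two linked bug reports are cited, state what they confirm. The section is also written in Italian while the other sections touched by this change are in English, so pick one language for the page.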
doc/appunti/linux/sa/authdaemon_problem.txt · Last modified: 2019/04/03 18:59 by niccolo