doc:appunti:linux:sa:authdaemon_problem

Differences

This shows you the differences between two versions of the page.

doc:appunti:linux:sa:authdaemon_problem [2011/07/26 10:46]
niccolo [Courier authdaemon problem]
doc:appunti:linux:sa:authdaemon_problem [2019/04/03 18:59] (current)
niccolo
Line 51: Line 51:
 ===== Crittografia TLS ===== ===== Crittografia TLS =====
  
-Per abilitare la crittografia TLS sulla connessione POP3 bisogna installare il pacchetto **courier-pop-ssl**,​ per verificare se TLS è disponibile basta eseguire il comando **''​STLS''​** dentro una sessione POP3, la risposta deve essere qualcosa del genere: ​**''​+OK Begin SSL/TLS negotiation now.''​**.+Per abilitare la crittografia TLS sulla connessione POP3 bisogna installare il pacchetto **courier-pop-ssl**,​ per verificare se TLS è disponibile basta eseguire il comando **''​STLS''​** dentro una sessione POP3, la risposta deve essere qualcosa del genere: 
 + 
 +<​code>​ 
 ++OK Hello there. 
 +STLS 
 ++OK Begin SSL/TLS negotiation now. 
 +</​code>​ 
 ===== Tracing the Courier authdaemon socket ===== ===== Tracing the Courier authdaemon socket =====
  
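Review bot: the new transcript under "Crittografia TLS" only proves that the server accepts the ''STLS'' command; it does not show that the TLS handshake completes or that the certificate is the expected one. Consider adding a second check that carries the negotiation through, for example ''openssl s_client -starttls pop3 -connect host:110'' (host is a placeholder), and marking in the transcript which line is typed by the client (''STLS'') and which are server replies. The sentence before the block is also a comma splice and would read better split in two at "per verificare".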
Line 68: Line 75:
 my $line; my $line;
 my $auth_string;​ my $auth_string;​
 +
 +if ( $#ARGV != 1 ) {
 +    print "​Usage:​ courier-authdaemon-test [login] [password]\n";​
 +    exit 1;
 +}
  
 socket(SOCK,​ PF_UNIX, SOCK_STREAM,​ 0) || die "​socket:​ $!"; socket(SOCK,​ PF_UNIX, SOCK_STREAM,​ 0) || die "​socket:​ $!";
 connect(SOCK,​ sockaddr_un($socket)) ​  || die "​connect:​ $!"; connect(SOCK,​ sockaddr_un($socket)) ​  || die "​connect:​ $!";
  
-$line = "exim\nlogin\n$login\n$pass\n";​+$line = "postfix\nlogin\n$login\n$pass\n";​
 $line = length($line) . "​\n"​ . $line; $line = length($line) . "​\n"​ . $line;
 print "=== Send to socket:​\n"​ . $line; print "=== Send to socket:​\n"​ . $line;
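Review bot: the added usage text ''courier-authdaemon-test [login] [password]'' documents that the password is passed as a command-line argument, which leaves it in the shell history and visible in the process list while the script runs, and the unchanged ''print "=== Send to socket:\n" . $line;'' then echoes it to the terminal as part of the request. Consider reading the password from standard input with echo disabled and masking it in the debug output. Two smaller points: the usage message would normally go to STDERR rather than STDOUT, and the service name changed from "exim" to "postfix" is still hard-coded, so a variable at the top of the script (or an optional third argument) would avoid editing the request string for each MTA.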
Line 169: Line 181:
 How to authenticate users with a login name like **user@doamain.org**,​ instead of the Unix system name (Debian GNU/Linux 4.0 Etch). How to authenticate users with a login name like **user@doamain.org**,​ instead of the Unix system name (Debian GNU/Linux 4.0 Etch).
  
-Compile ​a password file **''/​etc/​courier/​userdb''​** with all the relevant information (**do not break the line!**):+Create ​a password file **''/​etc/​courier/​userdb''​** with all the relevant information (**do not break the line!**):
  
 <​file>​ <​file>​
-info@2domain.org uid=1086|gid=1086|home=/​home/​info|shell=/​bin/​false+info@2domain.org ​   uid=1086|gid=1086|home=/​home/​info|shell=/​bin/​false
     |systempw=$1$GiNkrEZX$UTOWQkZZf0pp2TEOuyEu1/​|mail=/​home/​info/​Maildir     |systempw=$1$GiNkrEZX$UTOWQkZZf0pp2TEOuyEu1/​|mail=/​home/​info/​Maildir
 </​file>​ </​file>​
 +
 +**WARNING:​** after the login name there must be a **tab character**,​ not spaces.
 +
 +Compile the file with **''​makeuserdb''​**.
  
 Add the **authuserdb** module to the **authmodulelist** into configuration file **''/​etc/​courier/​authdaemonrc''​**:​ Add the **authuserdb** module to the **authmodulelist** into configuration file **''/​etc/​courier/​authdaemonrc''​**:​
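Review bot: the new "Compile the file with ''makeuserdb''" step does not say what ownership and mode ''/etc/courier/userdb'' should have, although the file carries a ''systempw'' password hash for every account; state explicitly that it should be readable by root only before ''makeuserdb'' is run. The sample entry also publishes a ''$1$'' (MD5-crypt) hash, so it is worth saying that the value is an example and replacing it with an obvious placeholder. Finally, the entry is still shown wrapped over two lines right under "do not break the line!", and the page uses two different misspelled domains (''user@doamain.org'', ''info@2domain.org''); a note that the wrap is for display only and a single consistent example domain would remove the ambiguity.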
Line 184: Line 200:
 Reload the courier-authdaemon. Reload the courier-authdaemon.
  
 +===== Problema con dhparams.pem e SSL =====
 +
 +Facendo un aggiornamento Debian da Wheezy a Jessie la connessione cifrata SSL di IMAP e POP3 smette di funzionare. Pare che il problema sia nella lunghezza del file **''/​etc/​courier/​dhparams.pem''​**,​ che con la nuova versione deve essere di almeno 2048 bit. Nei file di log si trova:
 +
 +<​file>​
 +couriertls: accept: error:​14094417:​SSL routines:​SSL3_READ_BYTES:​sslv3 alert illegal parameter
 +</​file>​
 +
 +
 +Vedere i due bug report: [[https://​bugs.debian.org/​cgi-bin/​bugreport.cgi?​bug=787579|#​787579]] e [[https://​bugs.debian.org/​cgi-bin/​bugreport.cgi?​bug=741620|#​741620]]. Per generare un file nuovo:
 +
 +<​code>​
 +DH_BITS=2048 mkdhparams
 +</​code>​
 +
 +oppure
 +
 +<​code>​
 +cd /​etc/​courier/​
 +openssl dhparam -out dhparams.pem 2048
 +</​code>​
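Review bot: the new "Problema con dhparams.pem e SSL" section stops at generating the file and gives no step to confirm the result or to make the running services pick it up. Add a verification command such as ''openssl dhparam -in /etc/courier/dhparams.pem -text -noout'', whose first output line reports the parameter size, and a note that the Courier IMAP and POP3 SSL services have to be restarted afterwards. The wording "Pare che" leaves the cause as a guess; since the two linked Debian bug reports are cited as the source, say so directly, and state whether the logged ''sslv3 alert illegal parameter'' error disappeared once the 2048 bit file was in place.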
doc/appunti/linux/sa/authdaemon_problem.1311669978.txt.gz · Last modified: 2011/07/26 10:46 by niccolo