Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#2540 Unable to login after Fedora yum update

closed
nobody
None
5
2007-11-12
2007-11-11
andrewheald
No

Odd problem here! I'm on Fedora 7. I've been running Cyrus IMAP with Exim and squirrelMail for quite a number of years with no problems. After a yum update this morning Squirrel no longer allows me to login.

Some more background:
Squirrel version is 1.4.10a-1.fc7.
Because Squirrel is hosted on the same box as Cyrus I've always simply used PLAIN authentication.
Cyrus is set up to use saslauthd for authentication. This in turn is configured to delegate to pam.

My /etc/pam.d/imap contains:
#%PAM-1.0
auth include system-auth
account include system-auth

My /etc/pam.d/system-auth contains:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so

Thunderbird is still able to login so I'm led to believe that Cyrus is still okay.

Trying a telnet I get:
# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED] muse.heald.co.uk Cyrus IMAP4 v2.3.9-Fedora-RPM-2.3.9-7.fc7 server ready
001 capability
* CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH
001 OK Completed
001 logout
* BYE LOGOUT received
001 OK Completed
Connection closed by foreign host.

Finally, in Squirrel's config.php I have:
$imap_auth_mech = 'login';

Is it me or is there a newly introduced bug from this morning's update?

Discussion

  • andrewheald
    andrewheald
    2007-11-11

    Logged In: YES
    user_id=1934817
    Originator: YES

    I neglected to add that on trying to login Squirrel displays the message:

    Bad request: The IMAP server is reporting that plain text logins are disabled. Using CRAM-MD5 or DIGEST-MD5 authentication instead may work. Also, the use of TLS may allow SquirrelMail to login. Please contact your system administrator and report this error.

     
    • status: open --> pending
     
  • Logged In: YES
    user_id=1020419
    Originator: NO

    The SquirrelMail error message says it all: you have configured SquirrelMail to use plain logins, but you have configured your IMAP server not to. Change one of the two configurations.

     
  • andrewheald
    andrewheald
    2007-11-11

    • status: pending --> open
     
  • andrewheald
    andrewheald
    2007-11-11

    Logged In: YES
    user_id=1934817
    Originator: YES

    Would that it were that simple. Note that my Thunderbird client connects to the same IMAP server using PLAIN authentication with the configurations as they are. And note, too, that between Squirrel logging in just fine and then suddenly not any more is one "yum update".

    I'm very much prepared to admit I could be merely stupid, but not that stupid.

     
  • Logged In: YES
    user_id=1020419
    Originator: NO

    Are you sure that you're using "plain" with Thunderbird? Maybe that was changed by the upgrade, or maybe Thunderbird tires more then one type of login if the first one tried doesn't work (I don't use Thunderbird myself, so I don't know how it works).

    Anyway, you say things were working alright, then you upgraded your system, and now it doesn't work anymore. If you didn't change anything besides the upgrade, please find out what packages were upgraded (maybe there's a log) and ask Fedora what they have changed in their packages. Bottom line is that your SquirrelMail is configured to use "plain" and your IMAP server states that "plain" isn't accepted. Not much the SquirrelMail project can do about that. My suggestion is still that you try reconfiguring your IMAP server or your SquirrelMail installation.

     
    • status: open --> pending
     
  • andrewheald
    andrewheald
    2007-11-12

    Logged In: YES
    user_id=1934817
    Originator: YES

    Thunderbird is running on a different box (an iMac) and is most definitely using plain authentication, the only difference being that it also uses SSL on the IMAP session. I'm also running the same setup on my cellphone, which is also reading mail just fine.

    I hadn't upgraded this Fedora box for a while, so it's going to be quite difficult to work out if any one of the 260 new packages are implicated. Looks like I'm on my own on this one.

    Meanwhile, I'll find an alternative to Squirrel.

     
  • andrewheald
    andrewheald
    2007-11-12

    • status: pending --> closed
     
  • Logged In: YES
    user_id=1020419
    Originator: NO

    Or you could reconfigure SquirrelMail to use the same authentication your Thunderbird uses, which will take less than two minutes.

    Run "config/conf.pl".
    Select "2. Server Settings"
    Select "A. Update IMAP Settings"
    Change "5. IMAP Port", "6. Authentication type", and "7. Secure IMAP (TLS)" to fit your IMAP configuration.

    Good luck.

     
  • andrewheald
    andrewheald
    2007-11-12

    Logged In: YES
    user_id=1934817
    Originator: YES

    Hoorah, yes, that did the trick!

    Settings now:

    IMAP Settings
    --------------
    4. IMAP Server : localhost
    5. IMAP Port : 993
    6. Authentication type : login
    7. Secure IMAP (TLS) : true
    8. Server software : cyrus
    9. Delimiter : .

    So, it's weird that non-TLS isn't working but we can consider this issue well and truly closed. Thanks for your help.