On 02/03/2015 09:20 AM, Patrick Goetz wrote:
This is a bit off topic, but is anyone using Roundcube webmail with
cyrus? I've lost most of my hair trying to get this to work, and
although it is working now, I'm not sure my fix is the correct way to
solve the problem.
Context:
I only allow plain text STARTTLS connections to the imap server:
/etc/cyrus/imap.conf:
allowplaintext: no (as per the default)
sasl_mech_list: PLAIN
sasl_pwcheck_method: saslauthd
tls_cert_file: /etc/ssl/certs/ssl-cert-cyrus.episcopalarchives.org.pem
tls_cipher_list: TLSv1+HIGH:!aNull:@STRENGTH
Here is the relevant PHP configuration from Roundcube's config.php.conf:
$config['default_host'] = 'tls://mail.episcopalarchives.org';
$config['imap_conn_options'] = array(
'ssl' => array(
'verify_peer' => true,
'allow_self_signed' => true,
'ciphers' => 'TLSv1+HIGH:!aNull:@STRENGTH',
'peer_name' => 'mail.episcopalarchives.org',
'cafile' =>
'/etc/ssl/certs/ssl-cert-cyrus.episcopalarchives.org.pem',
),
);
I tried multiple combinations of PHP connection options as documented on
this page: http://php.net/manual/en/context.ssl.php
No matter what I changed in the Roundcube PHP configuration, I would
alway get this error message in the cyrus error logs:
Feb 03 01:06:40 www cyrus/imap[29622]: starttls: TLSv1.2 with cipher
DHE-RSA-AES128-SHA (128/128 bits new) no authentication
Feb 03 01:06:40 www cyrus/imap[29622]: badlogin:
www.episcopalarchives.org [216.82.212.230] PLAIN [SASL(-13):
authentication failure: cross-realm login pgoetz@xxxxxxxxxxxxxxxxxxxxx
denied]
After a little googling I added this to /etc/cyrus/imapd.conf:
defaultdomain: episcopalarchives.org
virtdomains: on
Now I can authenticate through Roundcube, but this solution seems a
little weird to me, since I'm in particular *not* using virtual domains
on this server.
Question: is it really necessary to turn virtual domains on to get PHP
webmail authentication to work, or is there another way to do this?
Related question: what are people using for webmail these days? I was
shocked to see that php-horde isn't even packaged for Arch linux.
Are you using pgoetz@xxxxxxxxxxxxxxxxxxxxx as the userid or is Roundcube
appending the domain automatically?
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
begin:vcard
fn:Patrick Boutilier
n:Boutilier;Patrick
org:;Nova Scotia Department of Education
adr:;;2021 Brunswick Street;Halifax;NS;B3K 2Y5;Canada
email;internet:boutilpj@xxxxxxxxxxx
title:WAN Communications Specialist
tel;work:902-424-6800
tel;fax:902-424-0874
version:2.1
end:vcard
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
