On Fri, 2 Jul 2004, Ole wrote:
Using Debian with sendmail+squirrelmail+(imap)
I have installed imap-2004 with the command "make slx", because I want to use the passwords in /etc/shadow, so I guess this is the right make option.

"make ldb" is more likely to be correct, since Debian has different locations for the OpenSSL stuff; also this builds to use PAM instead of direct validation of the password.


* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS STARTTLS LOGINDISABLED] 
localhost IMAP4rev1 2004.350 at Fri, 2 Jul 2004 01:06:28 +0200 (CEST)
A01 login weel password
A01 NO LOGIN failed

The key is the "LOGINDISABLED" capability which appeared in the greeting. If you refer to the imap-2004/docs/BUILD document, you'll find the following text early on:
------------------------------------------------------------------------------
The default build is to build with SSL and disabling plaintext passwords
unless SSL/TLS encryption is in effect (SSLTYPE=nopwd). This means that
OpenSSL MUST be installed before building the IMAP toolkit. Please refer to
the SSLBUILD file for more information.


     To build without SSL, add "SSLTYPE=none" to the make command line.
Note that doing so will produce an IMAP server which is NON-COMPLIANT with
current IESG security requirements.
------------------------------------------------------------------------------

Referring to the SSLBUILD file, we find quite a bit, including:
------------------------------------------------------------------------------
     To build with SSL but allow plaintext passwords in insecure sessions,
add "SSLTYPE=unix" to the make command line.
------------------------------------------------------------------------------

Here, then, is the answer. You can't log in because plaintext passwords are disabled when you are not in an SSL or TLS encrypted session -- which absolutely describes a TELNET session. Since you don't have any non-plaintext password authentication mechanism (such as CRAM-MD5 or GSSAPI) set up, you can't log in at all without negotiating encryption.

If you have a TLS-enabled client (such as Pine), you can try connecting to your IMAP server from there and see if you can log in. Alternatively, you can use any SSL-enabled client to connect to SSL IMAP on port 993 instead of port 143. Of course, this all requires that you've set up your system for SSL/TLS encryption as described in the SSLBUILD document.

Same thing happens if I try pop.

The POP3 server has the same issue. If you do the CAPA command, you will see that the "USER" capability isn't listed, which is POP3's way of saying "LOGINDISABLED". Once again, you have to use an SSL/TLS enabled client.


I then tried "make sl5", to use pam

sl5 isn't for PAM; it's for a very ancient version of Linux. For Linux with PAM, you must use either lnp or one of the PAM-enabled variants (such as ldb for Debian).


-- Mark --

http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
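
Added example (not part of the original message, and not code from the IMAP toolkit): a Python check that reads the capability advertisements discussed above and reports whether a plaintext login can succeed before TLS is negotiated. The function names are hypothetical, the IMAP greeting is the one quoted in the message, and the POP3 CAPA reply is constructed sample input.

```python
import re

PLAINTEXT_SASL = {"PLAIN", "LOGIN"}  # SASL mechanisms that send the password itself

def imap_capabilities(line):
    """Capability atoms from a greeting's [CAPABILITY ...] code or a '* CAPABILITY' line."""
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
         or re.match(r"\* CAPABILITY (.*)", line.strip(), re.I))
    return {c.upper() for c in m.group(1).split()} if m else set()

def pop3_capabilities(response):
    """Map of capability -> arguments from a CAPA reply ('+OK' ... lone '.')."""
    lines = response.strip().splitlines()
    caps = {}
    if not lines or not lines[0].startswith("+OK"):
        return caps
    for entry in lines[1:]:
        if entry.strip() == ".":
            break
        parts = entry.upper().split()
        if parts:
            caps[parts[0]] = parts[1:]
    return caps

def diagnose_imap(line):
    caps = imap_capabilities(line)
    mechs = {c[5:] for c in caps if c.startswith("AUTH=")}
    return {"plaintext_login_ok": "LOGINDISABLED" not in caps,
            "starttls": "STARTTLS" in caps,
            "non_plaintext_mechs": sorted(mechs - PLAINTEXT_SASL)}

def diagnose_pop3(response):
    caps = pop3_capabilities(response)
    return {"plaintext_login_ok": "USER" in caps,  # no USER == POP3's LOGINDISABLED
            "starttls": "STLS" in caps,
            "non_plaintext_mechs": sorted(set(caps.get("SASL", [])) - PLAINTEXT_SASL)}

# Greeting as quoted in the message above.
GREETING = ("* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS STARTTLS "
            "LOGINDISABLED] localhost IMAP4rev1 2004.350 at Fri, 2 Jul 2004 01:06:28 +0200 (CEST)")
# Constructed sample: a CAPA reply with no USER capability.
POP3_CAPA = "+OK Capability list follows\r\nTOP\r\nUIDL\r\nSTLS\r\n.\r\n"

if __name__ == "__main__":
    print("IMAP:", diagnose_imap(GREETING))
    print("POP3:", diagnose_pop3(POP3_CAPA))
```

Run the same check on the CAPABILITY (or CAPA) response obtained after STARTTLS/STLS completes, since the server advertises a different set once the session is encrypted.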
