Re: maildir + courrier + /var/mail
Hi; You could use a mirrored userdb, since you need /etc/passwd to contain real home dirs, you could create /etc/courier/userdb to contain the /var/mail/$user 's Maildir as the homedir that courier will see. In /etc/courier/authdaemonrc just have it use authuserdb _first_ in the authmodulelist variable to make imap/pop logins use this different home directory. I don't know how active user changes would be made on your system, but if they're pretty static then a one time conversion is easy, if you need something to make changes often you could probably come up with a script to go through /etc/passwd (or /etc/shadow) and mirror usernames and passwords to the userdb file. For security make sure the userdb file is rw only for root, and you run makeuserdb after any changes to the userdb file to create a secure shadow and database file. I may not be very clear, but the idea is there somewhere :). ~ Darryl Fabrice Lorrain (home) wrote: Hi, I'm migrating an HPUX sendmail/qpopper server to a debian postfix/courier one. The config is the following : - authentification through flat /etc/passwd file, - postfix delivering mail in /var/mail in maildir format - courier-pop/courier-imap to access the mail in daemon mode. I wasn't able to configure courier-pop to read in /var/mail without changing the homedir in /etc/passwd (which is not an option here). Did anybody succeed with such a config (ie having courier-pop read mail in /var/mail) ? What works but doesn't suit my needs : - LDAP auth + some attribut pointing to /var/mail/$login - from the "postfix+mysql+courrier howto" seems you can do it - changing the homedir path in /etc/passwd - using "regular" maildir in /home/$login Any idees/suggestions ? Fab -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache-SSL 'n Cert Fun
- Original Message - From: "Nathan E Norman" <[EMAIL PROTECTED]> To: Sent: Sunday, March 02, 2003 11:29 PM Subject: Re: Apache-SSL 'n Cert Fun > Are they on seperate IPs? You can't do HTTPS vhosts with on the same > IP. Thanks, that's what I needed to know. Took a while to find the information on the apache-ssl site too. They just make it seem like using multiple ssl vhosts is "normal"... oh well, it works as good as it will then. :) That was my learning for the weekend ;) Thanks again. ~ Darryl
Re: Apache-SSL 'n Cert Fun
- Original Message - From: "Nathan E Norman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, March 02, 2003 11:29 PM Subject: Re: Apache-SSL 'n Cert Fun > Are they on seperate IPs? You can't do HTTPS vhosts with on the same > IP. Thanks, that's what I needed to know. Took a while to find the information on the apache-ssl site too. They just make it seem like using multiple ssl vhosts is "normal"... oh well, it works as good as it will then. :) That was my learning for the weekend ;) Thanks again. ~ Darryl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache-SSL 'n Cert Fun
Hi, Thanks. I decrypted it this afternoon actually and it works fine. Still bugs me that it doesn't work with it encrypted, but that's another day [and not my problem :)] However, the next problem is... With Two vhosts configured, apache-ssl seems to only send out the cert for the 'default' domain regardless of which vhost I go after. Even though each vhost has a seperate specified .pem file. Yippi. :( ~ Darryl - Original Message - From: "Craig Sanders" <[EMAIL PROTECTED]> To: "D. Clarke" <[EMAIL PROTECTED]> Cc: Sent: Sunday, March 02, 2003 8:13 PM Subject: Re: Apache-SSL 'n Cert Fun > On Sun, Mar 02, 2003 at 08:01:20AM -0500, D. Clarke wrote: > > apache-ssl works fine without an encrypted test key & cert... once > > encrypted pewf, it dies (which I need, because that's how the client > > gave it to me... ugh.) > > > > Any new ideas? :) > > use openssl and the pass-phrase to decrypt the cert. then configure > apache to use the decrypted copy. > > > using encrypted certificates on a web server is worse than useless. > either: > > 1. you store the pass-phrase on the server so that the startup > scripts can read it (which is pointless, any attacker that could get an > unencrypted cert could also get an encrypted cert plus the passphrase) > > or > > 2. you manually enter the passphrase every time apache is restarted. > this effectively prevents automatic startup of your web server at boot > time (e.g after a power failure, or kernel upgrade etc), and also makes > it impossible for staff to restart the server unless they know the > pass-phrases for all encrypted keys used by the server. > > > since there's no security advantage in using encrypted certificates > (item #1 above), and significant operational disadvantages (item #2), > your best bet is to use unencrypted certificates. > > > craig > > -- > craig sanders <[EMAIL PROTECTED]> > > Fabricati Diem, PVNC. > -- motto of the Ankh-Morpork City Watch > >
Re: Apache-SSL 'n Cert Fun
Hi, Thanks. I decrypted it this afternoon actually and it works fine. Still bugs me that it doesn't work with it encrypted, but that's another day [and not my problem :)] However, the next problem is... With Two vhosts configured, apache-ssl seems to only send out the cert for the 'default' domain regardless of which vhost I go after. Even though each vhost has a seperate specified .pem file. Yippi. :( ~ Darryl - Original Message - From: "Craig Sanders" <[EMAIL PROTECTED]> To: "D. Clarke" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Sunday, March 02, 2003 8:13 PM Subject: Re: Apache-SSL 'n Cert Fun > On Sun, Mar 02, 2003 at 08:01:20AM -0500, D. Clarke wrote: > > apache-ssl works fine without an encrypted test key & cert... once > > encrypted pewf, it dies (which I need, because that's how the client > > gave it to me... ugh.) > > > > Any new ideas? :) > > use openssl and the pass-phrase to decrypt the cert. then configure > apache to use the decrypted copy. > > > using encrypted certificates on a web server is worse than useless. > either: > > 1. you store the pass-phrase on the server so that the startup > scripts can read it (which is pointless, any attacker that could get an > unencrypted cert could also get an encrypted cert plus the passphrase) > > or > > 2. you manually enter the passphrase every time apache is restarted. > this effectively prevents automatic startup of your web server at boot > time (e.g after a power failure, or kernel upgrade etc), and also makes > it impossible for staff to restart the server unless they know the > pass-phrases for all encrypted keys used by the server. > > > since there's no security advantage in using encrypted certificates > (item #1 above), and significant operational disadvantages (item #2), > your best bet is to use unencrypted certificates. > > > craig > > -- > craig sanders <[EMAIL PROTECTED]> > > Fabricati Diem, PVNC. > -- motto of the Ankh-Morpork City Watch > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache-SSL 'n Cert Fun
That's basically the steps I followed, yes. However I've gotten a new error ;) [Sun Mar 2 07:48:28 2003] [crit] (22)Invalid argument: Error reading private key file /etc/apache-ssl/test.key: [Sun Mar 2 07:48:28 2003] [crit] error:0906406D:PEM routines:DEF_CALLBACK:problems getting password [Sun Mar 2 07:48:28 2003] [crit] error:0906A068:PEM routines:PEM_do_header:bad password read It seems the parent apache-ssl isn't passing off the passphrase. It's right when I start it (else it complains until I enter the right passphrase...) I can also view the key by: openssl rsa -noout -text -in test.key and entering the passphrase, again verifying the passphrase is correct. apache-ssl works fine without an encrypted test key & cert... once encrypted pewf, it dies (which I need, because that's how the client gave it to me... ugh.) Any new ideas? :) Thanks Again, ~ Darryl - Original Message - From: "Teddy Knab" <[EMAIL PROTECTED]> To: Sent: Saturday, March 01, 2003 9:14 PM Subject: Re: Apache-SSL 'n Cert Fun > I have been signing my own certs. > > Is that what you are typing about ? > > Here is a short clip of what I did: > > self signed cert > 505 openssl genrsa -des3 -out ca.key 2048 > 510 openssl req -new -x509 -days 3652 -key ca.key -out ca.crt > > 2nd try docs from http://www.apache-ssl.org/#FAQ > 545 openssl req -new > new.cert.csr > 547 openssl rsa -in privkey.pem -out new.cert.key > 548 openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey > new.cert.key -days 365 > cat new.cert.key > apache.pem > cat new.cert.cert >> apache.pem > mv apache.pem to /etc/apache-ssl/apache.pem > cp new.cert.key /etc/apache-ssl/apache.key > > Do you trust me ? > My cert. > https://webmail.washcoll.edu > > > Ted > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >
Re: Apache-SSL 'n Cert Fun
That's basically the steps I followed, yes. However I've gotten a new error ;) [Sun Mar 2 07:48:28 2003] [crit] (22)Invalid argument: Error reading private key file /etc/apache-ssl/test.key: [Sun Mar 2 07:48:28 2003] [crit] error:0906406D:PEM routines:DEF_CALLBACK:problems getting password [Sun Mar 2 07:48:28 2003] [crit] error:0906A068:PEM routines:PEM_do_header:bad password read It seems the parent apache-ssl isn't passing off the passphrase. It's right when I start it (else it complains until I enter the right passphrase...) I can also view the key by: openssl rsa -noout -text -in test.key and entering the passphrase, again verifying the passphrase is correct. apache-ssl works fine without an encrypted test key & cert... once encrypted pewf, it dies (which I need, because that's how the client gave it to me... ugh.) Any new ideas? :) Thanks Again, ~ Darryl - Original Message - From: "Teddy Knab" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, March 01, 2003 9:14 PM Subject: Re: Apache-SSL 'n Cert Fun > I have been signing my own certs. > > Is that what you are typing about ? > > Here is a short clip of what I did: > > self signed cert > 505 openssl genrsa -des3 -out ca.key 2048 > 510 openssl req -new -x509 -days 3652 -key ca.key -out ca.crt > > 2nd try docs from http://www.apache-ssl.org/#FAQ > 545 openssl req -new > new.cert.csr > 547 openssl rsa -in privkey.pem -out new.cert.key > 548 openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey > new.cert.key -days 365 > cat new.cert.key > apache.pem > cat new.cert.cert >> apache.pem > mv apache.pem to /etc/apache-ssl/apache.pem > cp new.cert.key /etc/apache-ssl/apache.key > > Do you trust me ? > My cert. > https://webmail.washcoll.edu > > > Ted > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Apache-SSL 'n Cert Fun
Hi, Has anybody had problems with Apache-SSL running with encrypted key files? My apache-ssl won't run at all once I tell it to use the encrypted key file as well as the fact that it asks for the PEM passphrase every time I restart - is there anyplace I can put the passphrase so it automagically uses it on startup? I can see this being a problem on a reboot... Anybody have any quick and easy, or long and dirty pointers that I should know before going into this full tilt? Thanks, Darryl
Apache-SSL 'n Cert Fun
Hi, Has anybody had problems with Apache-SSL running with encrypted key files? My apache-ssl won't run at all once I tell it to use the encrypted key file as well as the fact that it asks for the PEM passphrase every time I restart - is there anyplace I can put the passphrase so it automagically uses it on startup? I can see this being a problem on a reboot... Anybody have any quick and easy, or long and dirty pointers that I should know before going into this full tilt? Thanks, Darryl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
mod_bandwidth
Hi! I'm trying to get mod_bandwidth to work with my apache (1.3.26-0woody1) I've read the info found here (http://www.cohprog.com/mod_bandwidth.html) but I still can't seem to make it work. Anybody had any experience with this magical little non working feature? :) ~ Darryl ~ http://www.FlatlineSystems.net/
Best mail setup?
Hi, I'm currently looking to impliment a new mail system. I was wondering what your recommendations would be for 50 (and growing) virtual hosts. We want something that doesn't require a seperate system user for each virt-user account, and something that's relatively easy to configure. Any suggestions are welcome. Thanks, Darryl
Best mail setup?
Hi, I'm currently looking to impliment a new mail system. I was wondering what your recommendations would be for 50 (and growing) virtual hosts. We want something that doesn't require a seperate system user for each virt-user account, and something that's relatively easy to configure. Any suggestions are welcome. Thanks, Darryl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]