Cyrus IMAP4 v2.1.18 no login via SSL

From: Lars Hanke (no email)
Date: Tue May 17 2005 - 17:12:16 EDT

  • Next message: (no email): "Solved: Virtual users setup"

    Hi there,

    I came to a closer analysis of an issue I posted some time ago. For some
    very strange reason I can authenticate to imapd via imap, but the same
    procedure fails with imaps, although SSL appears to be sane. This is
    what happens:

    telnet verdani imap
    [stripped standard messages]
    * OK verdani Cyrus IMAP4 v2.1.18-IPv6-Debian-2.1.18-1 server ready
    a001 login mgr ******
    a001 OK User logged in
    a002 logout
    * BYE LOGOUT received
    a002 OK Completed
    Connection closed by foreign host.

    openssl s_client -connect verdani:imaps
    [stripped most of certificates and such]
    Verify return code: 19 (self signed certificate in certificate chain)

    ---
    * OK verdani Cyrus IMAP4 v2.1.18-IPv6-Debian-2.1.18-1 server ready
    a001 login mgr ******
    and it simply does not return anymore.

    There is no difference in /var/log/auth.log, which however reports all
    the steps it goes through by using DIGEST-MD5 with ldapdb for
    authentication. There is a difference in /var/log/mail.log:

    The telnet case:

    May 17 22:57:37 verdani cyrus/master[4209]: about to exec /usr/lib/cyrus/bin/imapd
    May 17 22:57:37 verdani cyrus/imap[4209]: executed
    May 17 22:57:37 verdani cyrus/imapd[4209]: accepted connection
    May 17 22:57:51 verdani cyrus/imapd[4209]: login: sleipnir.mgr[172.16.1.3] mgr plaintext

    The openssl case:

    May 17 22:58:27 verdani cyrus/master[4219]: about to exec /usr/lib/cyrus/bin/imapd
    May 17 22:58:27 verdani cyrus/imaps[4219]: executed
    May 17 22:58:27 verdani cyrus/imapd[4219]: accepted connection
    May 17 22:58:28 verdani cyrus/imapd[4219]: mystore: starting txn 2147483777
    May 17 22:58:28 verdani cyrus/imapd[4219]: mystore: committing txn 2147483777
    May 17 22:58:28 verdani cyrus/imapd[4219]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication

    In particular, there is no login line.

    I checked /dev/random, since all these DIGEST-MD5 etc. eat a lot of
    entropy. Actually I did

    #>ln -s /dev/urandom /dev/random

    and checked

    #>dd if=/dev/random bs=8 count=1

    during the hanging authentication. There are random numbers available,
    but still the authentication hangs.

    I'm lost. I would appreciate some help in further troubleshooting.
    Regards,
     - lars.
    ---
    Cyrus Home Page: http://asg.web.cmu.edu/cyrus
    Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
    List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
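
A triage helper for the mail.log comparison in the post above, added here as an example and not part of the original message or of Cyrus: it groups lines per accepted connection and lists connections that negotiated TLS but never logged a `login:` or `badlogin:` line. The function names are hypothetical, and the sample lines are the ones from the post with the mail client's line wraps re-joined.

```python
import re

# Log lines copied from the post above, with the mail client's line wraps re-joined.
SAMPLE_LOG = """\
May 17 22:57:37 verdani cyrus/master[4209]: about to exec /usr/lib/cyrus/bin/imapd
May 17 22:57:37 verdani cyrus/imap[4209]: executed
May 17 22:57:37 verdani cyrus/imapd[4209]: accepted connection
May 17 22:57:51 verdani cyrus/imapd[4209]: login: sleipnir.mgr[172.16.1.3] mgr plaintext
May 17 22:58:27 verdani cyrus/master[4219]: about to exec /usr/lib/cyrus/bin/imapd
May 17 22:58:27 verdani cyrus/imaps[4219]: executed
May 17 22:58:27 verdani cyrus/imapd[4219]: accepted connection
May 17 22:58:28 verdani cyrus/imapd[4219]: mystore: starting txn 2147483777
May 17 22:58:28 verdani cyrus/imapd[4219]: mystore: committing txn 2147483777
May 17 22:58:28 verdani cyrus/imapd[4219]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ cyrus/(\w+)\[(\d+)\]: (.*)$")

def parse_sessions(log_text):
    """Return one record per accepted connection, in log order."""
    service_by_pid, current, sessions = {}, {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a Cyrus line, or a wrapped fragment
        stamp, ident, pid, msg = m.groups()
        if msg == "executed":
            service_by_pid[pid] = ident  # assumed: ident here is the service name (imap/imaps)
        elif msg == "accepted connection":
            # A process can serve several connections, so each accept opens a new record.
            current[pid] = {"pid": pid, "service": service_by_pid.get(pid),
                            "tls": None, "outcome": None, "last": stamp}
            sessions.append(current[pid])
        elif pid in current:
            rec = current[pid]
            rec["last"] = stamp
            if msg.startswith("starttls: "):
                rec["tls"] = msg[len("starttls: "):]
            elif msg.startswith(("login: ", "badlogin: ")):
                rec["outcome"] = msg
    return sessions

def stalled_after_tls(log_text):
    """PIDs whose connection negotiated TLS but never logged login or badlogin."""
    return [s["pid"] for s in parse_sessions(log_text)
            if s["tls"] and s["outcome"] is None]

if __name__ == "__main__":
    print(stalled_after_tls(SAMPLE_LOG))
```

Each record's `last` field holds the timestamp of the final line seen for that connection, which shows where in the sequence the session went quiet.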
    
