On 02/03/2015 09:20 AM, Patrick Goetz wrote:
This is a bit off topic, but is anyone using Roundcube webmail with
cyrus?  I've lost most of my hair trying to get this to work, and
although it is working now, I'm not sure my fix is the correct way to
solve the problem.

Context:
I only allow plain text STARTTLS connections to the imap server:
/etc/cyrus/imap.conf:

    allowplaintext: no (as per the default)
    sasl_mech_list: PLAIN
    sasl_pwcheck_method: saslauthd
    tls_cert_file: /etc/ssl/certs/ssl-cert-cyrus.episcopalarchives.org.pem
    tls_cipher_list:  TLSv1+HIGH:!aNull:@STRENGTH


Here is the relevant PHP configuration from Roundcube's config.php.conf:

    $config['default_host'] = 'tls://mail.episcopalarchives.org';
    $config['imap_conn_options'] = array(
        'ssl'  => array(
          'verify_peer'  => true,
          'allow_self_signed' => true,
          'ciphers' => 'TLSv1+HIGH:!aNull:@STRENGTH',
          'peer_name' => 'mail.episcopalarchives.org',
          'cafile'   => '/etc/ssl/certs/ssl-cert-cyrus.episcopalarchives.org.pem',
        ),
    );


I tried multiple combinations of PHP connection options as documented on
this page:  http://php.net/manual/en/context.ssl.php

No matter what I changed in the Roundcube PHP configuration, I would
always get this error message in the cyrus error logs:

Feb 03 01:06:40 www cyrus/imap[29622]: starttls: TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits new) no authentication
Feb 03 01:06:40 www cyrus/imap[29622]: badlogin: www.episcopalarchives.org [216.82.212.230] PLAIN [SASL(-13): authentication failure: cross-realm login pgo...@episcopalarchives.org denied]

After a little googling I added this to /etc/cyrus/imapd.conf:

    defaultdomain: episcopalarchives.org
    virtdomains: on


Now I can authenticate through Roundcube, but this solution seems a
little weird to me, since I'm in particular *not* using virtual domains
on this server.

Question:  is it really necessary to turn virtual domains on to get PHP
webmail authentication to work, or is there another way to do this?

Related question:  what are people using for webmail these days?  I was
shocked to see that php-horde isn't even packaged for Arch Linux.


Are you using pgo...@episcopalarchives.org as the userid or is Roundcube appending the domain automatically?

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

