Tuesday, August 22, 2006

I had issues with setting the time on my debian box, using ntpdate the other day.

I decided to dist upgrade the box, I don't really know why, since it meant downloading 100M of data, and I still couldn't set the time.

Afterward, I noticed that I couldn't use IMAP from my laptop to that box anymore. Argh.

I knew what I'd done.. the dist upgrade would have updated imapd, and the standard imapd that's in Debian Etch doesn't support plain text authentication.

When I first rebuilt that box, from Woody, or whatever it had on it before, and installed IMAP, I discovered that problem. For hours, I tried to work out what I could do, either on the client (thunderbird) or the server, to get them to talk to each other.

Secure Authentication didn't work, and using IMAP over SSL didn't work, in desperation, I connected up the old Woody disk, and grabbed the imapd binary off it, and replaced the standard Etch imapd binary.

This worked fine, I had my plain text auth back, and I didn't worry about it.

I'd forgotten about doing that though, and quite sillyly, I hadn't symlinked imapd to the old binary, I'd replaced it, so when I dist upgraded, it replaced it again, and I don't have that old binary anywhere.

It'd be on the old Woody disk still, but I don't know where that is.

I figured I'd have to get some proper secure connection working.

First I tried setting "Use Secure Authentication" in Thunderbird, but that just told me that "The server does not support it. Disable it to use the server".

I didn't bother to try connecting over SSL on port 993, because I knew I hadn't configured imapd to listen on that port.

I googled around, but couldn't find anything particularly useful, in regards to setting up Secure Authentication.

With a tip, I went looking around the filesystem, and found /usr/lib/ssl/certs/imapd.pem, which contained a public key and an SSL certificate.

I googled "imapd.pem", and found this page, which was quite useful.

I already had most of the stuff done, openssl installed, new imapd, certificate generated etc. I had to work out what was still to be done.

I couldn't find a config file for imapd anywhere, I noticed the lines were already in the inetd.conf, specifying imaps, running on 993.

I switched Thunderbird to "Use secure connection (SSL)", and then tried to access my mail.

This time, unlike a year ago, or whenever I rebuilt the box, it came up and told me that the server wanted to create a secure connection, and send a certificate. It's just a self signed certificate that it must have created as part of the post install of the upgraded impad, I didn't bother to generate one, since it would just be self signed anyway..

I accepted the certificate, and then it prompted for my password. I gave it my password, and it connected. Hmm.

I don't know what the problem was last time then, I'm wondering if it was some sort of issue with inetd, that the imaps daemon didn't start, since I think I was getting connection refused errors, but that was at least a year ago, I don't really remember.


Post a Comment

<< Home