Minor bug for imap based accounts - don't req. new password
Posted: Wed Aug 24, 2005 3:08 pm
When adding new imap based accounts, don't check the box: User must change password on first login.
We're on the latest Scalix Community for Fedora Core 4. Whenever these accounts are created with that checkbox enabled, we couldn't login.
I enabled the imap log and saw the following:
------------------------------------------------------
3250 13:35:05.880 IMAP4 Server 9.4.0.8 on mail.domain.com at Tue Aug 23 13:35:05 2005
3250 13:35:05.881 S: * OK Scalix IMAP server 9.4.0.8 ready on mail.domain.com
3250 13:35:05.886 C: 1 capability
3250 13:35:05.959 S: * CAPABILITY IMAP4 IMAP4rev1 X-SCALIX-1 X-SCALIX-2 X-SCALIX-3 X-SCALIX-4 ID IDLE LOGIN-REFERRALS NAMESP
ACE UIDPLUS ACL AUTH=GSSAPI AUTH=CRAM-MD5 AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=LOGIN
3250 13:35:05.959 S: 1 OK CAPABILITY completed
3250 13:35:10.349 C: 2 authenticate plain
3250 13:35:10.350 S: +
3250 13:35:10.350 C: AHpob3hpZUB2b2ljZS1wbHVzLmNvbQBob3hpZQ==
3250 13:35:10.420 S: 2 NO AUTHENTICATE [X-SCALIX-EXPIRED] password expired, please change it
3250 13:35:10.425 C: 3 login "zhoxie@domain.com" "hoxie"
3250 13:35:10.535 S: 3 NO LOGIN [X-SCALIX-EXPIRED] password expired, please change it
3250 13:35:11.671 C: 4 authenticate plain
3250 13:35:11.672 S: +
3250 13:35:11.680 C: AHpob3hpZUB2b2ljZS1wbHVzLmNvbQBob3hpZQ==
3250 13:35:11.732 S: 4 NO AUTHENTICATE [X-SCALIX-EXPIRED] password expired, please change it
3250 13:35:11.739 C: 5 login "zhoxie@domain.com" "hoxie"
3250 13:35:11.779 S: 5 NO LOGIN [X-SCALIX-EXPIRED] password expired, please change it
3250 13:35:12.533 C: 6 logout
3250 13:35:12.533 S: * BYE Scalix IMAP Server logging out
3250 13:35:12.533 S: 6 OK LOGOUT completed
3250 13:35:12.533 IMAP4 server exiting.
----------------------------------------------------------------------------------------
OK- so we then login to the webmail and change the password and login to SAC to change the password (without enabling the require-password-change checkbox) but the account still wouldn't allow login. At that point we would get:
----------------------------------------------------------------------------------------
31215 14:38:33.809 IMAP4 Server 9.4.0.8 on mail.domain.com at Wed Aug 24 14:38:33 2005
31215 14:38:33.809 S: * OK Scalix IMAP server 9.4.0.8 ready on mail.domain.com
31215 14:38:36.799 C: 1 authenticate plain
31215 14:38:36.872 S: +
31215 14:38:36.876 C: AHpob3hpZUB2b2ljZS1wbHVzLmNvbQBob3hpZQ==
31215 14:38:36.948 S: 1 NO AUTHENTICATE failure, user name or password rejected
31215 14:38:36.949 C: 2 login "zhoxie@domain.com" "hoxie"
31215 14:38:37.060 S: 2 NO LOGIN failure, user name or password rejected
31215 14:38:40.938 C: 3 authenticate plain
31215 14:38:40.939 S: +
31215 14:38:40.972 C: AHpob3hpZUB2b2ljZS1wbHVzLmNvbQBob3hpZQ==
31215 14:38:41.027 S: 3 NO AUTHENTICATE failure, user name or password rejected
31215 14:38:41.030 C: 4 login "zhoxie@domain.com" "hoxie"
31215 14:38:41.071 S: 4 NO LOGIN failure, user name or password rejected
31215 14:38:41.882 C: 5 logout
31215 14:38:41.882 S: * BYE Scalix IMAP Server logging out
31215 14:38:41.883 S: 5 OK LOGOUT completed
31215 14:38:41.883 IMAP4 server exiting.
----------------------------------------------------------------------------------------
At this point the only way to get this account to authenticate is to reload Scalix with a "service scalix restart".
Unfortunately we setup 10+ accounts this way and for each one we've had to repeat a similar process that inevitably requires restarting the server. It's not a big deal if you know about it but we spent many hours trying to figure out why these accounts wouldn't login.
We're on the latest Scalix Community for Fedora Core 4. Whenever these accounts are created with that checkbox enabled, we couldn't login.
I enabled the imap log and saw the following:
------------------------------------------------------
3250 13:35:05.880 IMAP4 Server 9.4.0.8 on mail.domain.com at Tue Aug 23 13:35:05 2005
3250 13:35:05.881 S: * OK Scalix IMAP server 9.4.0.8 ready on mail.domain.com
3250 13:35:05.886 C: 1 capability
3250 13:35:05.959 S: * CAPABILITY IMAP4 IMAP4rev1 X-SCALIX-1 X-SCALIX-2 X-SCALIX-3 X-SCALIX-4 ID IDLE LOGIN-REFERRALS NAMESP
ACE UIDPLUS ACL AUTH=GSSAPI AUTH=CRAM-MD5 AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=LOGIN
3250 13:35:05.959 S: 1 OK CAPABILITY completed
3250 13:35:10.349 C: 2 authenticate plain
3250 13:35:10.350 S: +
3250 13:35:10.350 C: AHpob3hpZUB2b2ljZS1wbHVzLmNvbQBob3hpZQ==
3250 13:35:10.420 S: 2 NO AUTHENTICATE [X-SCALIX-EXPIRED] password expired, please change it
3250 13:35:10.425 C: 3 login "zhoxie@domain.com" "hoxie"
3250 13:35:10.535 S: 3 NO LOGIN [X-SCALIX-EXPIRED] password expired, please change it
3250 13:35:11.671 C: 4 authenticate plain
3250 13:35:11.672 S: +
3250 13:35:11.680 C: AHpob3hpZUB2b2ljZS1wbHVzLmNvbQBob3hpZQ==
3250 13:35:11.732 S: 4 NO AUTHENTICATE [X-SCALIX-EXPIRED] password expired, please change it
3250 13:35:11.739 C: 5 login "zhoxie@domain.com" "hoxie"
3250 13:35:11.779 S: 5 NO LOGIN [X-SCALIX-EXPIRED] password expired, please change it
3250 13:35:12.533 C: 6 logout
3250 13:35:12.533 S: * BYE Scalix IMAP Server logging out
3250 13:35:12.533 S: 6 OK LOGOUT completed
3250 13:35:12.533 IMAP4 server exiting.
----------------------------------------------------------------------------------------
OK- so we then login to the webmail and change the password and login to SAC to change the password (without enabling the require-password-change checkbox) but the account still wouldn't allow login. At that point we would get:
----------------------------------------------------------------------------------------
31215 14:38:33.809 IMAP4 Server 9.4.0.8 on mail.domain.com at Wed Aug 24 14:38:33 2005
31215 14:38:33.809 S: * OK Scalix IMAP server 9.4.0.8 ready on mail.domain.com
31215 14:38:36.799 C: 1 authenticate plain
31215 14:38:36.872 S: +
31215 14:38:36.876 C: AHpob3hpZUB2b2ljZS1wbHVzLmNvbQBob3hpZQ==
31215 14:38:36.948 S: 1 NO AUTHENTICATE failure, user name or password rejected
31215 14:38:36.949 C: 2 login "zhoxie@domain.com" "hoxie"
31215 14:38:37.060 S: 2 NO LOGIN failure, user name or password rejected
31215 14:38:40.938 C: 3 authenticate plain
31215 14:38:40.939 S: +
31215 14:38:40.972 C: AHpob3hpZUB2b2ljZS1wbHVzLmNvbQBob3hpZQ==
31215 14:38:41.027 S: 3 NO AUTHENTICATE failure, user name or password rejected
31215 14:38:41.030 C: 4 login "zhoxie@domain.com" "hoxie"
31215 14:38:41.071 S: 4 NO LOGIN failure, user name or password rejected
31215 14:38:41.882 C: 5 logout
31215 14:38:41.882 S: * BYE Scalix IMAP Server logging out
31215 14:38:41.883 S: 5 OK LOGOUT completed
31215 14:38:41.883 IMAP4 server exiting.
----------------------------------------------------------------------------------------
At this point the only way to get this account to authenticate is to reload Scalix with a "service scalix restart".
Unfortunately we setup 10+ accounts this way and for each one we've had to repeat a similar process that inevitably requires restarting the server. It's not a big deal if you know about it but we spent many hours trying to figure out why these accounts wouldn't login.