install-testing.html   [plain text]

<!-- $Id: install-testing.html,v 1.4 2007/02/07 18:58:07 murch Exp $ -->
<HTML>
<HEAD>
<TITLE>Testing the IMAP Server
</title>
</head>
<h1>Testing the IMAP Server
</h1>
<body>

To test the IMAP server, reboot and perform the following steps (all
of these samples use "<tt>foobar</tt>" as the IMAP server name).  A
list of answers to common installation problems is maintained in <A
HREF="http://cyrusimap.web.cmu.edu/twiki">http://cyrusimap.web.cmu.edu/twiki</A>.

<ol>
<li>From your normal account, telnet to the IMAP port on the
server you're setting up:

<pre>
<kbd>   telnet foobar imap
</kbd></pre>

If your server is running, you'll get the following message:

<pre>
   Trying 128.2.232.95...
   Connected to foobar.andrew.cmu.edu.
   Escape character is '^]'.
   * OK foobar.andrew.cmu.edu Cyrus IMAP4 v2.0.0 server ready
</pre>

<p>
Any message other than one starting with "<tt>* OK</tt>" means there
is a problem.  To terminate the connection, type
	      "<kbd>. logout</kbd>".

<p>Naturally the version number should match the version you just
installed.

<P>
<li>Use "<tt>imtest</tt>" to test logging in with plaintext passwords:

<pre>
<kbd>   /usr/local/bin/imtest -m login foobar
</kbd></pre>

<p>If you want to specify a different user, do:

<pre>
<kbd>   /usr/local/bin/imtest -m login -a <i>USER</i> foobar
</kbd></pre>

If your server is running, you'll get the following message:
<pre>
   <kbd>% /usr/local/bin/imtest -m login foobar</kbd>
   S: * OK mail1.andrew.cmu.edu Cyrus IMAP4 v2.0.0 server ready
   C: C01 CAPABILITY
   S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS 
   X-NON-HIERARCHICAL-RENAME NO_ATOMIC_RENAME AUTH=GSSAPI AUTH=ANONYMOUS 
   AUTH=KERBEROS_V4 UNSELECT
   S: C01 OK Completed
   Password: 
   + go ahead
   L01 OK User logged in
   Authenticated.
   Security strength factor: 0
</pre>

<p>Any message other than one starting with a "<tt>L01 OK</tt>" means there is
a problem.  If the test fails, a more specific error message should be
written through <tt>syslog</tt> to the server log.  To terminate the
connection, type "<kbd>. logout</kbd>".

<li>You should now test the server with each of the various
authentication mechanisms you have installed. The supported mechanisms
are listed in the CAPABILITY line:

<pre>
  * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS 
  X-NON-HIERARCHICAL-RENAME NO_ATOMIC_RENAME AUTH=ANONYMOUS
  AUTH=KERBEROS_V4 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 UNSELECT
  . OK Completed
</pre>

Each of the mechanism names is preceded by a 'AUTH='. For this example
the ANONYMOUS, KERBEROS_V4, DIGEST-MD5, and CRAM-MD5 mechanisms are
available. If a mechanism does not appear that you wish to use,
examine the libsasl log messages.  Generally, if a mechanism does not
appear, it means it failed to initialize.  (For example, if the server
is unable to access the srvtab file the KERBEROS_V4 mechanism will
refuse to load.)

<p>Plaintext login is a special case: the PLAIN SASL mechanism is only
advertised under an encrypted connection.  However, plaintext logins
are available (as long as you haven't disabled plaintext)
by using <tt>-m login</tt>(as above).

<p>To terminate the <tt>imtest</tt> connection, type "<kbd>. logout</kbd>".

<p>Once you are satisfied with the authentication mechanism list you
should attempt to log in with each of those mechanisms. Run <tt>imtest</tt>
specifying which mechanism you would like to use.

<pre>
   <kbd>/usr/local/bin/imtest -m KERBEROS_V4 foobar</kbd>
   C: C01 CAPABILITY
   S: * OK foobar.andrew.cmu.edu Cyrus IMAP4 v2.0.0 server ready
   S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE
   UIDPLUS X-NON-HIERARCHICAL-RENAME NO_ATOMIC_RENAME AUTH=ANONYMOUS
   AUTH=GSSAPI AUTH=KERBEROS_V4 UNSELECT
   S: C01 OK Completed
   C: A01 AUTHENTICATE KERBEROS_V4
   S: + wYcDAA==
   C: BAYBQU5EUkVXLkNNVS5FRFUAOCAm7F/Y+HabCzJ
      /UMtVcvWRjTohuq/USaCV6gYdkAU5DOcADAq
   S: + 0aAsUGQZhgQ=
   C: ADMe/cVivAYYzy1yd4Vojg==
   S: A01 OK Success (privacy protection)
   Authenticated.
   Security strength factor: 56
</pre>

<p>Any message other than one starting with a "<tt>A01 OK</tt>" means there is
a problem. If the test fails, a more specific error message is written
through <TT>syslog</TT> to the server log.  To terminate the
connection, type "<kbd>. logout</kbd>".</p>

<p>See the libsasl documentation for a full description of all the
mechanisms.  It is also possible to support "security layers"
(privacy or integrity protected connections).  By default,
<tt>imtest</tt> uses the strongest layer available with the selected
mechanism; use "<tt>-l</tt>" to choose an alternate layer.</p>

</ol>

<P><HR>
last modified: $Date: 2007/02/07 18:58:07 $
</BODY></HTML>