Tag Archives: Kopano Groupware

Kopano is an open source groupware application suite originally based on Zarafa.

How to use apt with apt_auth.conf on Debian

If you are in the console shell on a Debian 10 or 11, after running the apt update command, you may get these warning:

N: Usage of apt_auth.conf(5) should be preferred over embedding login information directly in the sources.list(5) entry for 'https://download.kopano.io'
use APT on Debian

This tutorial will show you how to use Login configuration file for Debian apt sources and proxies. Debian Repositories for users with a valid subscription like Kopano can use the credentials to log in to the repository to gain access that makes able to install packages using apt.

Use apt_auth.conf to Kopano repository

If you have a purchased serial key, it can be used to login to the repository withapt_auth.confor at/etc/apt/auth.conf.d/*.conffiles, this will add the login information to the configuration file for APT sources.

Open in the editor of your choice the file:


and remove your login and password information from it.

Create a new/etc/apt/auth.conf.d/kopano.conffile and place in it:

machine download.kopano.io/supported/core:/final/Debian_11/ login serial password XXXXXXXXXXXXXXXXXXXXXXXXX

Supplying login information for a user named serial with the password of your subscription serial key using debian apt.

If you want to deploy Kopano Groupware on Debian 11 (bullseye). Create in/etc/apt/sources.list.d/kopano.listfile and add the following to your Debian apt source:

deb https://download.kopano.io/supported/core:/final/Debian_11/ ./

  as seen here it place without the serial key into the apt source.

The packages are signed so we need to add the key as well.

$ sudo curl -O https://serial:<SERIALKEY>@download.kopano.io/supported/core:/final/Debian_11/Release.key
$ apt-key add Release.key

  I prefer working with elevated privileges as root (“su -“), many people use sudo, so the commands here shown with sudo, but also on Ubuntu you can become root with the (“sudo su -“), simply choose the method that suits for you.

Up to here with Debian 10 everything works fine, but with Debian 11 a warning displayed::

# sudo apt-key add Release.key
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).

It’s a warning, not an error. It doesn’t stop the process. The GPG key is added to your system and you can continue adding the external repository. It doesn’t stop the installation of packages.

The system is now ready to authenticate to the repository able to install packages, simply just now run apt update

Using apt-key deprecation and trusted.gpg

This message requires two steps, apt-key is deprecated, Manage keyring files in trusted.gpg.d. With add the keys of a repository, Debian apt and Ubuntu trusts the packages (signed with that key) coming from the repository. If you don’t add the key of a repository, the system won’t allow installing packages from it. It works by adding the keys to separate files located in the /etc/apt/trusted.gpg.d directory. The apt package manager trusts the keys inside this directory.

It’s the same mechanism it uses for the sources list where external repository sources are listed in their own file under /etc/apt/sources.list.d instead of keeping everything under the /etc/apt/sources.list file. It makes managing the external repos convenient.

And this is how it works, first if the gnupg2 package is not already installed, it can be added as follows:

$ sudo apt install -y gnupg2

After that the repository key can be added as follows:

$ sudo curl -sS https://serial:XXXXXXXXXXXXXXXXXXXXXXXXX@download.kopano.io/supported/core:/final/Debian_11/Release.key | gpg --dearmor > /etc/apt/trusted.gpg.d/KopanoRelease.key

Now check the keys are stored in the keyring with run apt-key list

you’ve done it now, Debian or Ubuntu won’t complain anymore.

Debian APT Login configuration file

The APT/etc/apt/auth.conffile and .conf files inside/etc/apt/auth.conf.dcan be used to store login information in a netrc-like format with restrictive file permissions.

The format defined is similar to the format of the~/.netrcfile used by ftp and similar programs interacting with servers.

machine hostname[:port][/path]

Note that apt does not support Digest access authentication, it only does Basic access authentication. As having protocol specified is not wrong (at least not in bullseye) and actually needed if the protocol is not https, so as it doesn’t leak auth info over unencrypted channels.

The authentication to several different repositories can be used flexibly and are suitable for automated processing, here is another example:

machine simple.org/deb login USER password PASSWD
machine repo.other.gov:443 login USER password PASSWD
machine archive.ops.net/sources/ login USER password PASSWD

  Login information in auth.conf and auth.conf.d are more flexible than those in sources.list. For example, login information can be specified for parts of a repository only, or if the sources.list entry redirects elsewhere, login information for the redirect destination can be supplied.

Kopano WebApp circle rotates endlessly in Firefox

In this Tutorial we show you how to solve the issue with the Kopano WebApp Login using the Mozilla Firefox Browser under Windows.

Kopano WebApp did not match session


If you try to Login via the Kopano WebApp 3.5.2 from Mozilla Firefox 95 under Windows, an animation with rotating circle appears after entering user and password, the circle continues to rotate non-stop, the page stops and it doesn’t go any further, after pressing the F5key or Ctrl+R (Refresh) authentication resume successfully.


The browser performs a Javascript function that sends a fingerprint (special ID) to the server (at the login request) and later when logging in, the server checks the fingerprint for compliance. Mozilla Firefox (version 94.0.2 / 95.02 64bit) distinguishes the second fingerprint from the first. With Firefox on Linux, the behavior was not detected and does not seem to be known.


The workaround/solution is to remove the Arial Narrow font from Javascript, so that the fingerprint does not change. To do this, edit the Java file fingerprint.js.

$ nano /usr/share/kopano-webapp/client/fingerprint.js

Delete the text Arial Narrow; (marked in red) (Arial Black; Bodoni MT).

Javascript fingerprint.js

After removing “Arial Narrow” from Javascript, the session fingerprint is no longer changed, the login passed successful.

Try now Kopano WebApp Login

Kopano WebApp Front-End did not match session terminated

Finaly Kopano WebApp Login from Mozilla Firefox Browser under Windows now works

This app contains the Kopano WebApp, which users can use to conveniently carry out their everyday communication and organizational tasks, from e-mail and calendar entries to file management and video calls. The WebApp can be expanded with plugins and used with various themes that can also be customized.

To install Kopano WebApp, the Kopano Core App must already be installed on at least one server. The Kopano WebApp does not necessarily have to be installed on the same machine. It can also be installed on several servers at the same time for load balancing or for optimized data communication. This app is also required if the Kopano DeskApp is to be used.