No lmtp / pop authentication on backend

Fri Sep 17 03:13:55 EDT 2004

Hello,

 as Ken Murchison told me you could help me on my authentication problems, I
send you the scenario.
My main problem is to make Frontend services like LMTP and POP authenticate
against backend. Users are capable to authenticate either as SASLDB or as
LDAP users.

And at the bottom of the present messages an architecture overview of what I
want to reach.

Thank you if you can help !!

> Laurent GAUTHIER wrote:
>
> >>Laurent GAUTHIER wrote:
> >>
> >>
> >>>Hello,
> >>>
> >>>I have an architecture of Murder Cyrus Imap Servers with Postfix.
> >>>The design makes Postfix Frontend deliver SMTP to local LMTP service.
> >>>
> >>>My problem is when the Cyrus LMTP service (unix socket) on Frontend
> >>>tries to connect to backend LMTP (TCP/IP socket) , I have messages
> >
> > bellow :
> >
> >>>Frontend:
> >>>Sep 13 19:25:29 localhost cyrus/lmtpproxyd[19904]: lmtpengine do_auth:
> >>>failed to authenticate
> >>>
> >>>Backend:
> >>>Sep 13 19:29:55 localhost cyrus/lmtpd[2210]: connection from
> >>>cyrfro.mydomain.com [182.69.69.44]
> >>>Sep 13 19:29:58 localhost cyrus/lmtpd[2210]: badlogin: 182.69.69.44
> >>>DIGEST-MD5 SASL(-13): user not found: no secret in database
> >>>Is there any parameter as the ones for mupdate like
> >>># mupdate_username
> >>># mupdate_authname
> >>># mupdate_realm
> >>># mupdate_password
> >>>
> >>>that would be dedicated to LMTP?
> >>>
> >>>In other words, how to configure the frontend lmtp service auth-name
> >>>when it intents to connect to the back-end?
> >>
> >> From doc/install-murder.html:
> >>
> >>Additionally, you will need entries in imapd.conf to indicate the proxy
> >>auth name and passwords (if you are using a SASL mechanism that requires
> >>them) to the backends, for example, if your backends are
> >>mail1.andrew.cmu.edu and mail2.andrew.cmu.edu with passwords of foo and
> >>bar, and an auth name of murder:
> >>
> >>mail1_password: foo
> >>mail2_password: bar
> >>proxy_authname: murder
> >>
> >>-- 
> >>Kenneth Murchison     Oceana Matrix Ltd.
> >
> >
> > I'd already configured these entries. In order for you to have a good
idea
> > of my configuration, I  join you my conf files and additionnal piece of
> > information.
> >
> > For the moment I use sasldb, but my real need is to authenticate against
> > LDAP. I tried that with a single Cyrus IMAP and worked with SASL
configured
> > on LDAP. As with the murder configuration it didn't work as I expected,
I
> > went back to sasldb. Maybe I mistake between common users and specific
> > rights Cyrus services users. What is the typical configuration on a
murder,
> > as I should have in my final architecture several fronts and backs in
order
> > to accept between 60 000 and 100 000 users?
> >
> > If your trained eyes can see any mistake ... it would permit me to
implement
> > the LDAP authentication.
>
> I don't use LDAP authentication at all, so I probably won't be much
> help.  You should post to the list and SASL/LDAP experts such as Igor
> can probably help.
>
>
> > By the way, I will next test Horde IMP to access backend mailboxes.
Where
> > would you install it, as you know "prety well" Cyrus imap architecture?
On
> > front ends ? On independant servers configured to talk with front ends?
>
> Either way would work.  You just need to figure out if the frontends can
> handle the load of doing both.  You might want to look into using an
> IMAP proxy (http://www.imapproxy.org/) for webmail.  I'd recommend
> installing this on the same machine as IMP.
>
> -- 
> Kenneth Murchison     Oceana Matrix Ltd.
> Software Engineer     21 Princeton Place
> 716-662-8973 x26      Orchard Park, NY 14127
> --PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: front&back-imapd.conf
Type: application/octet-stream
Size: 5090 bytes
Desc: not available
Url : https://lists.andrew.cmu.edu/mailman/private/info-cyrus/attachments/20040917/d132f327/frontback-imapd.obj