frontend-to-backend lmtp auth: only admins may authenticate

Peter Schober peter.schober at univie.ac.at
Thu Nov 23 12:39:52 EST 2006


I'm having a slight problem understanding the cyrus docs[0] regarding
frontend to backend authentication for LMTP over TCP. all cyri are
2.2.13.

# backend imapd.log:
Nov 23 17:55:02 backend lmtp[21449]: accepted connection 
Nov 23 17:55:02 backend lmtp[21449]: connection from frontend.example.org [10.0.0.1]
Nov 23 17:55:02 backend lmtp[21449]: frontend is not an admin
Nov 23 17:55:05 backend lmtp[21449]: badlogin: 10.0.0.1 PLAIN SASL(-13): authentication failure: only admins may authenticate

everything works fine if 'frontend' is listed under 'admins:' on the
backends, but "Setting up the backends ..."[0] like in the docs:

  You will also want to configure atleast (sic) one user/group using the
  proxyservers imapd.conf option. This user should not be an
  administrator, since this means that anyone who can get ahold of your
  proxy servers now has full administrative control on your backend.

leads me to including 'frontend' just in 'lmtp_admins' and
'proxyservers':

# frontend config:
proxy_authname: frontend
backend_password: ...

# backend config:
admins: cyrus
proxyservers: frontend
lmtp_admins: frontend
#for backend to backend auth
proxy_authname: cyrus
proxy_password: ...

so while the error message above is exceptionally clear (and easy to
"fix") I'd rather have this set up properly (not that we're too concerned
with the security of our frontends currently).

regards,
-p.schober

[0] http://cyrusimap.web.cmu.edu/imapd/install-murder.html

-- 
peter.schober at univie.ac.at - vienna university computer center
Universitaetsstrasse 7, A-1010 Wien, Austria/Europe
Tel. +43-1-4277-14155, Fax. +43-1-4277-9140
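
The condition the quoted documentation warns about (a `proxyservers` account that is also a backend administrator) can be checked mechanically. The following is an added example, not part of the original post or of Cyrus itself; the function names are hypothetical, the sample configs are constructed from the backend config in the post, and treating every `<service>_admins` option as a per-service admin list is an assumption.

```python
import re

# Constructed sample: the backend config from the post (password elided as posted).
POSTED = """\
admins: cyrus
proxyservers: frontend
lmtp_admins: frontend
#for backend to backend auth
proxy_authname: cyrus
proxy_password: ...
"""
# Constructed sample: the "easy fix" variant, with the proxy user added to admins.
EASY_FIX = POSTED.replace("admins: cyrus", "admins: cyrus frontend", 1)


def parse_imapd_conf(text):
    """Parse 'option: value' lines; blank lines and '#' comments are skipped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z0-9_]+)\s*:\s*(.*)$", line)
        if m:
            # Values are kept as whitespace-separated lists (user lists).
            opts[m.group(1).lower()] = m.group(2).split()
    return opts


def audit_proxy_accounts(text):
    """Report proxyservers accounts that also hold admin rights on this backend."""
    opts = parse_imapd_conf(text)
    proxies = set(opts.get("proxyservers", []))
    report = {"global": sorted(proxies & set(opts.get("admins", []))), "scoped": {}}
    for name, users in opts.items():
        # Assumption: any <service>_admins option is a per-service admin list.
        if name.endswith("_admins") and proxies & set(users):
            report["scoped"][name] = sorted(proxies & set(users))
    return report


if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("easy fix", EASY_FIX)):
        print(label, audit_proxy_accounts(conf))
```

A non-empty `global` list is the case the documentation advises against; `scoped` entries are reported separately so they can be reviewed per service.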

