Sync_client syncserver problem when adding user to sasldb2

Dan White dwhite at olp.net
Wed Feb 2 22:09:41 EST 2011


On 03/02/11 11:25 +1030, Stephen Carr wrote:
>Dear All
>
>I have had a problem that sync_client cannot authenticate to the
>replica with a badlogin a few times and now found a workaround.

What does your configuration look like on both systems?

>Version of cyrus-imapd 2.4.6 and sasl 2.1.23
>
>What happened (see parts of log below)
>
>At 10:23 added new user to sasldb2 then there is a delay before the
>badlogin occurs when the sync_client does a RESTART

On which system did you add the user?

Did you create the user.AAAAA imap folder at the same time? Are you using
any autocreate patches?

>The fix was to su cyrus and run at 10:53:59
>
>sync_client -o -v -l -u user.AAAAAA
>
>Then all was OK
>
>Note the sync_client has the same process ID 28563 but the syncserver
>process IDs changed from 13636 to 13919 then 13925.
>
>The server is quite busy during this period and I noticed the log file
>in the sync directory growing.
>
>Regards
>Stephen Carr
>
>
>Replica
>
>Feb  3 10:16:45 proxy syncserver[13636]: login:
>brooks.civeng.adelaide.edu.au [129.127.16.1] cyrus DIGEST-MD5 User logged in
>Feb  3 10:26:49 proxy syncserver[13636]: login:
>brooks.civeng.adelaide.edu.au [129.127.16.1] cyrus DIGEST-MD5 User logged in
>Feb  3 10:36:52 proxy syncserver[13636]: login:
>brooks.civeng.adelaide.edu.au [129.127.16.1] cyrus DIGEST-MD5 User logged in
>Feb  3 10:38:37 proxy syncserver[13636]: Repacking mailbox user.aaaa
>Feb  3 10:46:55 proxy syncserver[13636]: badlogin:
>brooks.civeng.adelaide.edu.au [129.127.16.1] DIGEST-MD5 [SASL(-17): One
>time use of a plaintext password will enable requested mechanism for
>user: no secret in database]

I'm not understanding the bigger picture of the problem, but this error is
triggered by:

     if (result < 0 ||
        ((!auxprop_values[0].name || !auxprop_values[0].values) &&
         (!auxprop_values[1].name || !auxprop_values[1].values))) {
         /* We didn't find this username */
         sparams->utils->seterror(sparams->utils->conn, 0,
                                  "no secret in database");
         result = sparams->transition ? SASL_TRANS : SASL_NOUSER;
         goto FreeAllMem;
     }

in plugins/digestmd5.c, where SASL_TRANS produces the 'One time use of
plaintext password...' message.

The error implies you have sasl_auto_transition enabled on the replica, and
that whichever user is being used to authenticate to your syncserver is
not found in your auxprop store (sasldb). Maybe you're using saslauthd on
the replica?

-- 
Dan White
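
Added example (not part of the original message and not Cyrus code): a small log triage script that rejoins mail-wrapped syslog records like the ones quoted in this thread, picks out syncserver badlogin entries, and decodes the SASL return code that the digestmd5.c check above produces. The sample log, host name, address and function names are constructed for illustration; the numeric codes are the values defined in Cyrus SASL's sasl.h.

```python
import re

# Cyrus SASL return codes (sasl.h) produced by the check quoted above.
SASL_CODES = {
    -17: "SASL_TRANS: user not found in auxprop store, auto-transition enabled",
    -20: "SASL_NOUSER: user not found in auxprop store, auto-transition disabled",
}

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
BADLOGIN = re.compile(
    r"^(?P<ts>\S+ +\d+ [\d:]+) \S+ (?P<svc>\w+)\[(?P<pid>\d+)\]: badlogin: "
    r"(?P<host>\S+) \[(?P<ip>[^\]]+)\] (?P<mech>\S+) "
    r"\[SASL\((?P<code>-?\d+)\): (?P<text>.*)\]$"
)

# Constructed sample: wrapped and '>'-quoted like the log in this thread,
# with a placeholder host name and address.
SAMPLE = """\
>Feb  3 10:36:52 proxy syncserver[13636]: login:
>master.example.org [192.0.2.1] cyrus DIGEST-MD5 User logged in
>Feb  3 10:46:55 proxy syncserver[13636]: badlogin:
>master.example.org [192.0.2.1] DIGEST-MD5 [SASL(-17): One
>time use of a plaintext password will enable requested mechanism for
>user: no secret in database]
"""

def unwrap(text):
    """Rejoin syslog records that were line-wrapped and '>'-quoted in mail."""
    records = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()
        if not line:
            continue
        if TIMESTAMP.match(line) or not records:
            records.append(line)       # a new record starts with a timestamp
        else:
            records[-1] += " " + line  # continuation of the previous record
    return records

def failed_logins(text, service="syncserver"):
    """Return one dict per badlogin record of `service`, SASL code decoded."""
    findings = []
    for m in filter(None, map(BADLOGIN.match, unwrap(text))):
        if m["svc"] == service:
            code = int(m["code"])
            findings.append({"time": m["ts"], "pid": int(m["pid"]), "client": m["ip"],
                             "mech": m["mech"], "code": code,
                             "meaning": SASL_CODES.get(code, "see sasl.h")})
    return findings
```

Running failed_logins() over the replica's log separates the -17 and -20 cases, which come from the same lookup failure and differ only in whether auto-transition is enabled.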

