Murder / LDAP / SASL Problem...
Jared Watkins
jwatkins at snowcrash.homeip.net
Thu Oct 31 10:33:05 EST 2002
Rob Siemborski wrote:
>On Thu, 31 Oct 2002, Jared Watkins wrote:
>
>
>>Using imtest I was able to login as you suggested... and sniffing the
>>traffic I saw that it did an ldap lookup to verify the 'murder' proxy
>>user... but why is not doing the ldap search when the auth attempt is
>>made from the frontend server? If you see my original email... I don't
>>have a problem until I try to select the inbox for the test account...
>>that's when I get the error... and no ldap lookups are taking place from
>>the backend system.
>>
>>
>
>I don't know why there isn't a lookup from the frontend. What mechanism
>is it trying to use (since it's obviously succeeding). I'm guessing
>there's something strange about your configuration on the frontend, but
>I'm really worried by the fact that it seems to be working.
>
>
When I login to port 143 using telnet to the _frontend_ that system will
do an ldap lookup and verify the password of the test user. I am able to
list the mailboxes (since they are being provided by mupdate) but when I
attempt to select a mailbox... it fails. When it fails... I can see
the front end attempting to connect to the backend over imap.. but the
backend system replies with 'NO Error authenticating' I also noticed,
while using tcpdump, that the backend system is sending this error
message before the frontend can supply a username...
It almost seems like the back end system does not like something about
the greeting message from the front...
Now... if I do the exact same thing.. (login with telnet to port 143
with my test user) on the backend system... everything works normally...
it will do an ldap lookup to verify the password... and I'm able to
select mailboxes...
>>>imtest -u testuser -a slaveuser backend.your.dom
>>>
>>>
>
>What mechanism does it decide to use?
>
>
>
I am using ldap for all my authentications... or is that not what you
mean? For now I have not compiled any strong mechs.. so everything
should be plain text to keep things simple for testing.
Jared
More information about the Info-cyrus
mailing list