Murder / LDAP / SASL Problem...

Jared Watkins jwatkins at snowcrash.homeip.net
Thu Oct 31 09:38:40 EST 2002 

Using imtest I was able to login as you suggested...  and sniffing the 
traffic I saw that it did an ldap lookup to verify the 'murder' proxy 
user...  but why is not doing the ldap search when the auth attempt is 
made from the frontend server?  If you see my original email... I don't 
have a problem until I try to select the inbox for the test account... 
that's when I get the error... and no ldap lookups are taking place from 
the backend system.

> imtest -u testuser -a slaveuser backend.your.dom


Also.. in your example line should that be '-a proxyuser' instead of 
slaveuser?  It was my understanding that the 'slaveuser' was only used 
in communicating with the mupdate master... and the proxy_authname user 
was used in the connection to the backend.

jared


Rob Siemborski wrote:

>On Wed, 30 Oct 2002, Jared Watkins wrote:
>
>  
>
>>What's not working:  Although I'm able to authenticate with a test
>>account to the front end system... I am not able to select the inbox.
>>When I try to select the inbox there is a pause of around 5 seconds then
>>I see the following errors:
>>
>>IMAP:  NO Server(s) unavailable to complete operation
>>Frontend: login: localhost.localdomain[127.0.0.1] test1 plaintext
>>Frontend: couldn't authenticate to backend server: authentication failure
>>Backend:  badlogin: [ip of frontend] PLAIN [SASL (-4): no mechanism
>>available: security flags do not match required]
>>
>>When this happens... I know from sniffing the network that neither front
>>or back system is doing an ldap lookup to verify the proxy users
>>password... so I assume that's why it is failing...  it has nothing to
>>verify the proxy_authname against.
>>    
>>
>
>This isn't what is being indicated by the logs and the behavior you
>suggest.
>
>If you can authenticate to the frontend as the test user, then the
>frontend is happy that the test user is a-ok.  No authentications to the
>backend happen until you select a mailbox.
>
>Have you tried doing something like:
>
>imtest -u testuser -a slaveuser backend.your.dom
>
>and seeing if you can proxy authenticate that way?
>
>-Rob
>
>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
>Research Systems Programmer * /usr/contributed Gatekeeper
>
>
>
>
>  
>

More information about the Info-cyrus mailing list