Murder / LDAP / SASL Problem...

Rob Siemborski rjs3 at andrew.cmu.edu
Wed Oct 30 14:38:04 EST 2002


On Wed, 30 Oct 2002, Jared Watkins wrote:

> What's not working:  Although I'm able to authenticate with a test
> account to the front end system... I am not able to select the inbox.
> When I try to select the inbox there is a pause of around 5 seconds then
> I see the following errors:
>
> IMAP:  NO Server(s) unavailable to complete operation
> Frontend: login: localhost.localdomain[127.0.0.1] test1 plaintext
> Frontend: couldn't authenticate to backend server: authentication failure
> Backend:  badlogin: [ip of frontend] PLAIN [SASL (-4): no mechanism
> available: security flags do not match required]
>
> When this happens... I know from sniffing the network that neither front
> or back system is doing an ldap lookup to verify the proxy users
> password... so I assume that's why it is failing...  it has nothing to
> verify the proxy_authname against.

This isn't what is being indicated by the logs and the behavior you
suggest.

If you can authenticate to the frontend as the test user, then the
frontend is happy that the test user is a-ok.  No authentications to the
backend happen until you select a mailbox.

Have you tried doing something like:

imtest -u testuser -a slaveuser backend.your.dom

and seeing if you can proxy authenticate that way?

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper







More information about the Info-cyrus mailing list