Murder and Backend Authentication
Hank Beatty
hbeatty.lists at earthlink.net
Sat Feb 1 15:19:34 EST 2003
Ken,
Thanks. This is exactly what I did. I was just getting ready to post a
follow-up to let everyone know.
Hank
----- Original Message -----
From: "Ken Murchison" <ken at oceana.com>
To: "Hank Beatty" <hbeatty.lists at earthlink.net>
Cc: "Rob Siemborski" <rjs3 at andrew.cmu.edu>; "Cyrus-Info"
<info-cyrus at lists.andrew.cmu.edu>
Sent: Friday, January 31, 2003 4:34 PM
Subject: Re: Murder and Backend Authentication
>
>
> Hank Beatty wrote:
> >
> > OK. That makes sense. Are there any SASL mechs that can use PAM?
>
> Like Rob said, just PLAIN, which will require you to use STARTTLS, which
> is only in 2.2. That being said, since you will likely only have one or
> two proxy admins, you could just put them in sasldb2 and use DIGEST-MD5.
>
>
> >
> > ----- Original Message -----
> > From: "Rob Siemborski" <rjs3 at andrew.cmu.edu>
> > To: "Hank Beatty" <hbeatty.lists at earthlink.net>
> > Cc: "Cyrus-Info" <info-cyrus at lists.andrew.cmu.edu>
> > Sent: Friday, January 31, 2003 3:18 PM
> > Subject: Re: Murder and Backend Authentication
> >
> > > You aren't offering any SASL mechanisms. I believe the 2.2 code even
> > > supports STARTTLS (and therefore PLAIN).
> > >
> > > You need to support a SASL mechanism that allows proxy authentication.
> > > The regular IMAP login command isn't good enough.
> > >
> > > -Rob
> > >
> > > On Fri, 31 Jan 2003, Hank Beatty wrote:
> > >
> > > > And when I use imtest:
> > > >
> > > > [root at draco root]# imtest -u hbeatty -a hbeatty localhost
> > > > S: * OK draco Cyrus IMAP4 v2.2.prealpha server ready
> > > > C: C01 CAPABILITY
> > > > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> > > > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
SORT
> > > > THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
> > > > MUPDATE=mupdate://zeus.email.starband.net/
> > > > S: C01 OK Completed
> > > > Please enter your password:
> > > > C: L01 LOGIN hbeatty {4}
> > > > S: + go ahead
> > > > C: <omitted>
> > > > S: L01 OK User logged in
> > > > Authenticated.
> > > > Security strength factor: 0
> > > >
> > > > ----- Original Message -----
> > > > From: "Rob Siemborski" <rjs3 at andrew.cmu.edu>
> > > > To: "Hank Beatty" <hbeatty.lists at earthlink.net>
> > > > Cc: "Cyrus-Info" <info-cyrus at lists.andrew.cmu.edu>
> > > > Sent: Friday, January 31, 2003 2:29 PM
> > > > Subject: Re: Murder and Backend Authentication
> > > >
> > > >
> > > > > What SASL mechanism are you using between your frontend and
backends?
> > > > >
> > > > > Or rather, what mechanisms are your backends advertising?
> > > > >
> > > > > -Rob
> > > > >
> > > > > On Fri, 31 Jan 2003, Hank Beatty wrote:
> > > > >
> > > > > > I'm working on getting a Murder setup and I can authenticate and
> > pull
> > > > mail
> > > > > > directly from the backend server.
> > > > > >
> > > > > > However, when I try to proxy the connection I get this in
> > > > /var/log/messages
> > > > > > on the proxy/master:
> > > > > >
> > > > > > Jan 31 13:40:35 zeus pop3[5437]: login: SERVER[192.168.247.241]
> > hbeatty
> > > > > > plaintext
> > > > > > Jan 31 13:40:35 zeus pop3[5437]: couldn't authenticate to
backend
> > > > server: no
> > > > > > mechanism available
> > > > > > Jan 31 13:40:35 zeus pop3[5437]: couldn't authenticate to
backend
> > server
> > > > > >
> > > > > > I get this in /var/log/imapd.log on the backend server:
> > > > > >
> > > > > > Jan 31 13:45:01 draco pop3[32718]: accepted connection
> > > > > > Jan 31 13:45:01 draco master[32724]: about to exec
> > /usr/cyrus/bin/pop3d
> > > > > > Jan 31 13:45:01 draco master[32688]: process 32718 exited,
status 0
> > > > > > Jan 31 13:45:01 draco pop3[32724]: executed
> > > > > >
> > > > > > With this in mind it would seem that when using the proxy the
> > > > authentication
> > > > > > method is different somehow. Is this correct?
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > >
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> > > > > Rob Siemborski * Andrew Systems Group * Cyert Hall 207 *
412-268-7456
> > > > > Research Systems Programmer * /usr/contributed Gatekeeper
> > > > >
> > > >
> > > >
> > > >
> > >
> > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> > > Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
> > > Research Systems Programmer * /usr/contributed Gatekeeper
> > >
>
> --
> Kenneth Murchison Oceana Matrix Ltd.
> Software Engineer 21 Princeton Place
> 716-662-8973 x26 Orchard Park, NY 14127
> --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the Info-cyrus
mailing list