Murder and Backend Authentication

Eric S. Pulley eric at hamparts.com
Fri Jan 31 18:27:55 EST 2003


Sorry if this is just obvious but... Everyone keeps stating that 
STARTTLS is not supported in 2.1.x. I'm assuming that it just doesn't 
work for the Backend Authentication in a Murder, since I'm using it to 
connect to my standalone server just fine.  Or do I have something very 
wrong going on here?

S: * OK xxxxxxxxxxxxxxx Cyrus IMAP4 v2.1.11 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND 
SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS 
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED
S: C01 OK Completed


--On Friday, January 31, 2003 16:34 -0500 Ken Murchison 
<ken at oceana.com> wrote:

>
>
> Hank Beatty wrote:
>>
>> OK. That makes sense. Are there any SASL mechs that can use PAM?
>
> Like Rob said, just PLAIN, which will require you to use STARTTLS,
> which is only in 2.2.  That being said, since you will likely only
> have one or two proxy admins, you could just put them in sasldb2 and
> use DIGEST-MD5.
>
>
>>
>> ----- Original Message -----
>> From: "Rob Siemborski" <rjs3 at andrew.cmu.edu>
>> To: "Hank Beatty" <hbeatty.lists at earthlink.net>
>> Cc: "Cyrus-Info" <info-cyrus at lists.andrew.cmu.edu>
>> Sent: Friday, January 31, 2003 3:18 PM
>> Subject: Re: Murder and Backend Authentication
>>
>> > You aren't offering any SASL mechanisms.  I believe the 2.2 code
>> > even supports STARTTLS (and therefore PLAIN).
>> >
>> > You need to support a SASL mechanism that allows proxy
>> > authentication. The regular IMAP login command isn't good enough.
>> >
>> > -Rob
>> >
>> > On Fri, 31 Jan 2003, Hank Beatty wrote:
>> >
>> > > And when I use imtest:
>> > >
>> > > [root at draco root]# imtest -u hbeatty -a hbeatty localhost
>> > > S: * OK draco Cyrus IMAP4 v2.2.prealpha server ready
>> > > C: C01 CAPABILITY
>> > > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+
>> > > MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT
>> > > CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
>> > > THREAD=REFERENCES IDLE
>> > > MUPDATE=mupdate://zeus.email.starband.net/
>> > > S: C01 OK Completed
>> > > Please enter your password:
>> > > C: L01 LOGIN hbeatty {4}
>> > > S: + go ahead
>> > > C: <omitted>
>> > > S: L01 OK User logged in
>> > > Authenticated.
>> > > Security strength factor: 0
>> > >
>> > > ----- Original Message -----
>> > > From: "Rob Siemborski" <rjs3 at andrew.cmu.edu>
>> > > To: "Hank Beatty" <hbeatty.lists at earthlink.net>
>> > > Cc: "Cyrus-Info" <info-cyrus at lists.andrew.cmu.edu>
>> > > Sent: Friday, January 31, 2003 2:29 PM
>> > > Subject: Re: Murder and Backend Authentication
>> > >
>> > >
>> > > > What SASL mechanism are you using between your frontend and
>> > > > backends?
>> > > >
>> > > > Or rather, what mechanisms are your backends advertising?
>> > > >
>> > > > -Rob
>> > > >
>> > > > On Fri, 31 Jan 2003, Hank Beatty wrote:
>> > > >
>> > > > > I'm working on getting a Murder setup and I can authenticate
>> > > > > and pull mail directly from the backend server.
>> > > > >
>> > > > > However, when I try to proxy the connection I get this in
>> > > > > /var/log/messages on the proxy/master:
>> > > > >
>> > > > > Jan 31 13:40:35 zeus pop3[5437]: login: SERVER[192.168.247.241] hbeatty plaintext
>> > > > > Jan 31 13:40:35 zeus pop3[5437]: couldn't authenticate to backend server: no mechanism available
>> > > > > Jan 31 13:40:35 zeus pop3[5437]: couldn't authenticate to backend server
>> > > > >
>> > > > > I get this in /var/log/imapd.log on the backend server:
>> > > > >
>> > > > > Jan 31 13:45:01 draco pop3[32718]: accepted connection
>> > > > > Jan 31 13:45:01 draco master[32724]: about to exec /usr/cyrus/bin/pop3d
>> > > > > Jan 31 13:45:01 draco master[32688]: process 32718 exited, status 0
>> > > > > Jan 31 13:45:01 draco pop3[32724]: executed
>> > > > >
>> > > > > With this in mind it would seem that when using the proxy the
>> > > > > authentication method is different somehow. Is this correct?
>> > > > >
>> > > > >
>> > > > >
>> > > >
>> > > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>> > > > Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
>> > > > Research Systems Programmer * /usr/contributed Gatekeeper
>> > > >
>> > >
>> > >
>> > >
>> >
>> > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>> > Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
>> > Research Systems Programmer * /usr/contributed Gatekeeper
>> >
>
> --
> Kenneth Murchison     Oceana Matrix Ltd.
> Software Engineer     21 Princeton Place
> 716-662-8973 x26      Orchard Park, NY 14127
> --PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp



 ------------------------
|     Eric S. Pulley     |
| Sr. Unix Administrator |
|   Hamilton Partners    |
|    +1.707.431.4300     |
|  <eric at hamparts.com>   |
 ------------------------
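
An added example, not part of the original messages or of Cyrus itself: a small check that reads an IMAP CAPABILITY response and reports whether a frontend would find a SASL mechanism it can use for proxy authentication, run here on the two responses quoted in this thread. The function names and the set of authzid-capable mechanisms are assumptions of this example.

```python
import re

# Constructed samples: the two CAPABILITY responses quoted in this thread,
# with the e-mail line wrapping joined back into one line each.
STANDALONE_2_1 = (
    "* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS "
    "NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND "
    "SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS "
    "AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED")
BACKEND_2_2 = (
    "* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS "
    "NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND "
    "SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE "
    "MUPDATE=mupdate://zeus.email.starband.net/")

# Assumption taken from the SASL mechanism specifications, not from the thread:
# these mechanisms carry an authorization identity, CRAM-MD5 does not.
AUTHZID_MECHS = {"PLAIN", "DIGEST-MD5", "GSSAPI"}
CLEARTEXT_MECHS = {"PLAIN"}  # password crosses the wire, so TLS must be up first


def parse_capability(line):
    """Split an untagged CAPABILITY response into SASL mechanisms and flags."""
    m = re.match(r"(?:S:\s*)?\*\s+CAPABILITY\s+(.+)", line.strip(), re.IGNORECASE)
    if not m:
        raise ValueError("not an untagged CAPABILITY response")
    tokens = m.group(1).upper().split()
    return {
        "mechs": [t[len("AUTH="):] for t in tokens if t.startswith("AUTH=")],
        "starttls": "STARTTLS" in tokens,
    }


def assess_backend(line):
    """Report whether a frontend could proxy-authenticate to this backend."""
    cap = parse_capability(line)
    proxy = [m for m in cap["mechs"] if m in AUTHZID_MECHS]
    if not cap["mechs"]:
        verdict = "no mechanism available"   # the error zeus logged in the thread
    elif not proxy:
        verdict = "no proxy-capable mechanism"
    else:
        verdict = "ok"
    return {
        "verdict": verdict,
        "proxy_mechs": proxy,
        "needs_tls": [m for m in proxy if m in CLEARTEXT_MECHS],
        "starttls": cap["starttls"],
    }
```

The 2.2.prealpha backend advertises no `AUTH=` token at all, which is the condition behind the "no mechanism available" log line, while the 2.1.11 server offers DIGEST-MD5 as its only authzid-capable mechanism.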