Murder and Backend Authentication

Rob Siemborski rjs3 at andrew.cmu.edu
Fri Jan 31 15:36:27 EST 2003


PLAIN is your only choice (so you'll need to be sure you can get a TLS
layer between the frontend and backend).  Like I said, I believe 2.2 has
this code.  I know 2.1 does not.

-Rob

On Fri, 31 Jan 2003, Hank Beatty wrote:

> OK. That makes sense. Are there any SASL mechs that can use PAM?
>
> ----- Original Message -----
> From: "Rob Siemborski" <rjs3 at andrew.cmu.edu>
> To: "Hank Beatty" <hbeatty.lists at earthlink.net>
> Cc: "Cyrus-Info" <info-cyrus at lists.andrew.cmu.edu>
> Sent: Friday, January 31, 2003 3:18 PM
> Subject: Re: Murder and Backend Authentication
>
>
> > You aren't offering any SASL mechanisms.  I believe the 2.2 code even
> > supports STARTTLS (and therefore PLAIN).
> >
> > You need to support a SASL mechanism that allows proxy authentication.
> > The regular IMAP login command isn't good enough.
> >
> > -Rob
> >
> > On Fri, 31 Jan 2003, Hank Beatty wrote:
> >
> > > And when I use imtest:
> > >
> > > [root at draco root]# imtest -u hbeatty -a hbeatty localhost
> > > S: * OK draco Cyrus IMAP4 v2.2.prealpha server ready
> > > C: C01 CAPABILITY
> > > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> > > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
> > > THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
> > > MUPDATE=mupdate://zeus.email.starband.net/
> > > S: C01 OK Completed
> > > Please enter your password:
> > > C: L01 LOGIN hbeatty {4}
> > > S: + go ahead
> > > C: <omitted>
> > > S: L01 OK User logged in
> > > Authenticated.
> > > Security strength factor: 0
> > >
> > > ----- Original Message -----
> > > From: "Rob Siemborski" <rjs3 at andrew.cmu.edu>
> > > To: "Hank Beatty" <hbeatty.lists at earthlink.net>
> > > Cc: "Cyrus-Info" <info-cyrus at lists.andrew.cmu.edu>
> > > Sent: Friday, January 31, 2003 2:29 PM
> > > Subject: Re: Murder and Backend Authentication
> > >
> > >
> > > > What SASL mechanism are you using between your frontend and backends?
> > > >
> > > > Or rather, what mechanisms are your backends advertising?
> > > >
> > > > -Rob
> > > >
> > > > On Fri, 31 Jan 2003, Hank Beatty wrote:
> > > >
> > > > > > I'm working on getting a Murder setup and I can authenticate and pull mail
> > > > > > directly from the backend server.
> > > > > >
> > > > > > However, when I try to proxy the connection I get this in /var/log/messages
> > > > > > on the proxy/master:
> > > > > >
> > > > > > Jan 31 13:40:35 zeus pop3[5437]: login: SERVER[192.168.247.241] hbeatty plaintext
> > > > > > Jan 31 13:40:35 zeus pop3[5437]: couldn't authenticate to backend server: no mechanism available
> > > > > > Jan 31 13:40:35 zeus pop3[5437]: couldn't authenticate to backend server
> > > > > >
> > > > > > I get this in /var/log/imapd.log on the backend server:
> > > > > >
> > > > > > Jan 31 13:45:01 draco pop3[32718]: accepted connection
> > > > > > Jan 31 13:45:01 draco master[32724]: about to exec /usr/cyrus/bin/pop3d
> > > > > > Jan 31 13:45:01 draco master[32688]: process 32718 exited, status 0
> > > > > > Jan 31 13:45:01 draco pop3[32724]: executed
> > > > > >
> > > > > > With this in mind it would seem that when using the proxy the authentication
> > > > > > method is different somehow. Is this correct?
> > > > >
> > > > >
> > > > >
> > > >
> > > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> > > > Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
> > > > Research Systems Programmer * /usr/contributed Gatekeeper
> > > >
> > >
> > >
> > >
> >
> > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> > Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
> > Research Systems Programmer * /usr/contributed Gatekeeper
> >
>
>
>

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
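
The check discussed in this thread, as an added example that is not part of the original messages and is not Cyrus code: it reads a backend's CAPABILITY response and reports whether any SASL mechanism able to carry a separate authorization identity is advertised. The function names, the finding labels and the PROXY_CAPABLE set (general SASL behaviour, not Cyrus's own list) are assumptions of the example.

```python
# Added example: audit a backend's advertised IMAP capabilities for proxy login.
# Mechanisms with a SASL authorization identity (the frontend authenticates as
# itself and acts for the user); CRAM-MD5 and LOGIN have none.
PROXY_CAPABLE = {"PLAIN", "DIGEST-MD5", "GSSAPI", "EXTERNAL"}
CLEARTEXT = {"PLAIN"}  # password crosses the wire as-is, so it needs TLS underneath

# CAPABILITY exchange taken from the imtest output quoted in this thread.
THREAD_TRANSCRIPT = """\
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
MUPDATE=mupdate://zeus.email.starband.net/
S: C01 OK Completed
"""

def parse_capability(transcript):
    """Collect capability atoms, joining lines folded by the mail client."""
    caps, collecting = [], False
    for line in transcript.splitlines():
        line = line.strip()
        new_msg = line.startswith(("S: ", "C: "))
        body = line[3:] if new_msg else line
        if body.upper().startswith("* CAPABILITY"):
            collecting = True
            caps.extend(body.split()[2:])
        elif collecting and not new_msg:
            caps.extend(body.split())  # folded continuation of the same response
        else:
            collecting = False
    return {c.upper() for c in caps}

def assess_backend(transcript):
    """Assumes the transcript was captured on a connection without TLS."""
    caps = parse_capability(transcript)
    mechs = {c[5:] for c in caps if c.startswith("AUTH=")}
    starttls = "STARTTLS" in caps
    usable = {m for m in mechs & PROXY_CAPABLE if m not in CLEARTEXT}
    if usable:
        finding = "ok"
    elif starttls:
        finding = "recheck-after-starttls"  # capabilities can change under TLS
    elif mechs:
        finding = "no-usable-mechanism"  # e.g. only PLAIN, with no TLS on offer
    else:
        finding = "no-mechanism"  # the state reported in the thread
    return {"mechs": sorted(mechs), "starttls": starttls,
            "usable": sorted(usable), "finding": finding}

if __name__ == "__main__":
    print(assess_backend(THREAD_TRANSCRIPT))
```
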




