can't mupdate: already authenticated

Mark xa87n at yahoo.com
Sun Jul 6 11:45:53 EDT 2003


Hello,

Over the past few months, I've setup a working config with
cyrus/murder/ldap. Two days ago, I tried to join an imap backend to
the config, and I'm not able to do it. The only difference that I
think there is, the new box is running OpenBSD-current (switched to
ELF, w^x protection, etc.), while all other boxes are running OpenBSD
3.3. The error I'm getting is, in authlog, on imapd backend:
No worthy mechs found

and in imaplog, on imapd backend:
ctl_mboxlist[23351]: authentication to remote mupdate server failed:
already authenticated

and in imaplog, on mupdate master:
accepted connection

This is when I do for example, ./ctl_mboxlist -m on new backend.

I hope I'm missing something simple, and that my brain is just stuck
in a loop. The new server is built exactly the same as all others,
cyrus-sasl 2.1.13 (tried .14 also just for fun) and imapd 2.2-cvs from
maybe 30 days ago (tried from yesterday's cvs also).

I did a ktrace on ctl_mboxlist of a working backend, and new
non-working backend, and mupdate master. What I see is something like:

backend connects to mupdate master
mupdate master says hi here are my mechs (I use PLAIN, but for
debugging purposes I also have OTP and DIGEST-MD5 since yesterday)
backend picks a mech, and authenticates, or something similar
and so on

New backend does this: After mupdate says hi, backend just does
something, then sends LOGOUT to mupdate master, and logs those
messages that I wrote above.

Here is a non-working imapd-backend ktrace, the entire 
./ctl_mboxlist -m 

http://166.84.167.39/trfile.txt

I do know mupdate can't use plain, however, this is not very clear to
me, because I think working imap backend uses plain to authenticate to
mupdate master. Thru saslauthd, which uses ldap, in case this makes a
difference..this is a side point, but I'd like to understand better
how this works.

I've also noticed that working imap will use saslauthd while doing
mupdate to master, and I do see ldap auth in ldap logs. I don't see
this for new backend. Actually, I can kill saslauthd on non-working
imapd box, and it makes no difference. It almost looks like
./ctl_mboxlist decides that there are no worthy mechs right away after
the first line back from mupdate master. In that case, what should I
do? I tried using sasldb2 on mupdate, but imapd backend closes the
connection right away I think, after initial greeting with mech lines.

I'm very much stuck at this point. There seems to be nothing in
archives, google, or deja about this. If anyone has any idea where I
went wrong, I'd appreciate any hints and pointers.

Thanks.

-mark

__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com




More information about the Info-cyrus mailing list