Murder Authentication Methods

Etienne Goyer etienne.goyer at linuxquebec.com
Wed Oct 1 16:09:31 EDT 2003


On Wed, Oct 01, 2003 at 02:24:04PM -0500, anthony mayes wrote:
> We would like to implement a murder including 2 frontends and 3+ 
> backends in a switched (or vpn) environment.  After reading the 
> cyrus-info archives and the documents included in the Cyrus source, we 
> are unclear about the authentication process between the front and the 
> back ends.  We would like to avoid using Kerberos if at all possible 
> being as we do not have an existing Kerberos installation.  What 
> authentication methods would be best suited for this environment?

The frontend authenticate to the backend as a special users, defined as
the 'proxy_authname' on the frontend.  The revelant part of imapd.conf
on the frontend would look like :

proxy_authname: proxy
backend1_password: *********
backend1_mechs: DIGEST-MD5
backend2_password: *********
backend2_mechs: DIGEST-MD5

Replace 'backend1' and 'backend2' with the actual name of your backend.
Also, the user specified in 'proxy_authname' must be authenticable on
the backend (by auxprop, most likely, since it connect with DIGEST-MD5).

A question : is the 'proxy_authname' required to be admin on the
backend?  Could it be just in proxyservers ?

-- 
Etienne Goyer                    Linux Québec Technologies Inc.
http://www.LinuxQuebec.com       etienne.goyer at linuxquebec.com




More information about the Info-cyrus mailing list