mupdate auth configuration

[Prentice Bisbal]

Jim,

Thanks for the response. Unfortunately, that's not my problem:

# mupdatetest -p 3905 -u mupdater 128.6.239.23
S: * AUTH "PLAIN"
S: * STARTTLS

Prentice



Jim Levie wrote:
> On Tue, 2004-02-17 at 15:59, Prentice Bisbal wrote:
> 
>>Im setting up Cyrus on a SAN where /var/spool/imap is shared via the 
>>san. I'm using the unified-imap branch as suggested by Ken Murchison. 
>>Everything seems to be working except mupdate. When I try to create a 
>>mailbox, I get the following error
>>
>>localhost.localdomain> cm user.prentice
>>createmailbox: no authentication to server
>>
>>I suspect it may be a SASL issue. I've tried the mupdate login names 
>>with and without the domain/realm appended to the username.
>>
> 
> If it is the same problem I just found, then it is a SASL problem.
> 
> 
>>Feb 17 16:53:29 pdb-mail-1 imap[13192]: authentication to remote mupdate 
>>server failed:  "undefined error!"^M
> 
> 
> I don't know which version of Cyrus you are running, but that error is
> remarkably similar to what mupdate-client.c procduces on 2.2.3. I see
> that you are using sasldb2, which makes me think it may be the same
> problem I had.
> 
> What I found was that SASL is being too helpful in trying to use the
> strongest authentication method possible. If SASL was build with
> Kerberos support and you aren't using Kerberos that is the only method
> mupdate will try, which of course will fail. You can tell if this is the
> case by executing:
> 
> mupdatetest -p 3905 -u mupdater 128.6.239.23
> 
> and checking the "* AUTH" line for GSSAPI.
> 
> I don't see a way of limiting the mupdate server's allowable auth mechs
> in the imapd.conf, but I found that renaming the
> /usr/lib/sasl2/libgssapiv2* plugins and restarting Cyrus on the mupdate
> server is a workable solution.
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html