proxyd and authenticating with the backend servers

Iain_Gray at scee.net
Wed Jan 28 07:47:48 EST 2004


Thanks Ken

That has solved my problem on the proxies; they are now authenticating and
passing on user logins.

However the LMTPproxyd still has errors.

auth.log on lmtpproxyd

Jan 28 21:52:49 cetcb01-02-10 lmtpd[25675]: sql plugin trying to open db 'imapUsers' on host 'cyrus_sql:mysql'
Jan 28 21:52:49 cetcb01-02-10 lmtpd[25675]: sql plugin Parse the username cyrus
Jan 28 21:52:49 cetcb01-02-10 lmtpd[25675]: sql plugin try and connect to a host
Jan 28 21:52:49 cetcb01-02-10 lmtpd[25675]: sql plugin trying to open db 'imapUsers' on host 'cyrus_sql:mysql'
Jan 28 21:52:49 cetcb01-02-10 lmtpd[25675]: No worthy mechs found

imapd.log on lmtpproxyd

Jan 28 21:52:49 cetcb01-02-10 lmtpd[25675]: lmtpengine do_auth: sasl_client_start failed (SASL(-4): no mechanism available: No worthy mechs found)
Jan 28 21:52:49 cetcb01-02-10 master[25634]: process 25675 exited, status 75
Jan 28 21:52:49 cetcb01-02-10 master[25634]: service lmtpd pid 25675 in BUSY state: terminated abnormally

imapd.log on backend

Jan 28 13:51:31 cetcb07-01-09 lmtp[30694]: accepted connection
Jan 28 13:51:31 cetcb07-01-09 lmtp[30694]: connection from cetcb02-02-10 [10.18.13.95]
Jan 28 13:51:31 cetcb07-01-09 master[30706]: about to exec /usr/cyrus/bin/lmtpd
Jan 28 13:51:31 cetcb07-01-09 lmtp[30706]: executed


Should I change the conf file for imapd cyrus to start TLS on lmtp?

Thanks

Iain

Iain Gray
Sony Computer Entertainment Europe
http://www.scee.com


Ken Murchison <ken at oceana.com>
Sent by: owner-info-cyrus at lists.andrew.cmu.edu
27/01/2004 17:33

To: Iain_Gray at scee.net
cc: info-cyrus at lists.andrew.cmu.edu
Subject: Re: proxyd and authenticating with the backend servers

Iain_Gray at scee.net wrote:
> Hi
>
> I am having a problem with cyrus murder setup.
>
> I have these configured machines
>
> 2 frontend machines running proxyd and mupdate slaves
> 2 backend machines running imapd and lmtpd
> 1 mupdate master running lmtpproxyd
> I am using sql for a password db
>
> I can happily log in to the fe servers and see user mailboxes. Also I can
> log into the back end machines and retrieve mail. I can also deliver mail
> to the backend machines.
>
> What I am having trouble with is when I try and read any mailboxes from
> the front end machines then I get this error in the logs
>
> Jan 27 16:46:24 cetcb13-01-09 proxyd[5356]: login: cetcfw006h.inline.scee.com[10.18.13.10] bigbigray plaintext+TLS
> Jan 27 16:46:26 cetcb13-01-09 proxyd[5356]: couldn't authenticate to backend server: no mechanism available
>
> If I run imtest from the front end machines either with or without TLS I
> can log in and see mail as below. Also if I deliver mail to either of the
> backends directly to the lmtpd then that is fine.
>
> The problem seems to be with proxyd and lmtpd not authenticating as the
> rest does.
>
> I guess that this is because I am using PLAIN passwords and this is
> disabled unless using TLS.
>
> Is there a way to enable TLS with proxyd and lmtpproxyd or am I just
> completely wrong.

You are correct, if you are only using plaintext authentication, then
you'll need the frontend to use STARTTLS on the backend.  Unfortunately,
support for this is not in the 2.1 series.  You can either upgrade to
2.2.3 or try to backport the STARTTLS patch to 2.1.16.  Here is the
relevant patchset info:

PatchSet 4559
Date: 2002/12/13 19:28:37
Author: ken3
Log:
added client-side STARTTLS for frontend to backend authentication when
needed (still need to do something for the cert and key)

Members:
         imap/backend.c:1.7.6.6->1.7.6.7 [cyrus-imapd-2_2]
         imap/backend.h:1.3.6.3->1.3.6.4 [cyrus-imapd-2_2]
         imap/tls.c:1.38.4.3->1.38.4.4 [cyrus-imapd-2_2]
         imap/tls.h:1.15.4.1->1.15.4.2 [cyrus-imapd-2_2]


PatchSet 4769
Date: 2003/02/19 17:09:47
Author: ken3
Log:
don't compile STARTTLS support unless we have OpenSSL

Members:
         imap/backend.c:1.7.6.15->1.7.6.16 [cyrus-imapd-2_2]
         imap/backend.h:1.3.6.9->1.3.6.10 [cyrus-imapd-2_2]

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
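
The failure discussed in this thread, as an added example that is not part of the original messages and is not Cyrus code: a client that is configured only for PLAIN, talking to a backend that offers plaintext mechanisms only under TLS, ends with "no mechanism available" unless it can issue STARTTLS first. The LHLO replies, the host name and the function names are constructed for illustration, and the sketch assumes the backend advertises PLAIN/LOGIN only after TLS is active.

```python
import re

# Constructed LHLO replies (not captured from the thread's servers).
# Assumption: the backend advertises plaintext mechanisms only once TLS is up.
LHLO_CLEAR = ("250-backend.example.test\r\n"
              "250-8BITMIME\r\n"
              "250-PIPELINING\r\n"
              "250 STARTTLS\r\n")
LHLO_TLS = ("250-backend.example.test\r\n"
            "250-8BITMIME\r\n"
            "250-PIPELINING\r\n"
            "250 AUTH PLAIN LOGIN\r\n")

PLAINTEXT = {"PLAIN", "LOGIN"}  # mechanisms that send the password itself


def parse_lhlo(reply):
    """Return (mechanisms, starttls_offered) from a multi-line 250 reply."""
    mechs, starttls = [], False
    for line in reply.splitlines():
        m = re.match(r"250[- ](\S+)(?: (.*))?$", line)
        if not m:
            continue
        keyword, args = m.group(1).upper(), m.group(2) or ""
        if keyword == "AUTH":
            mechs = args.upper().split()
        elif keyword == "STARTTLS":
            starttls = True
    return mechs, starttls


def choose_mech(offered, client_mechs, tls_active):
    """First client mechanism that is offered and acceptable on this channel."""
    for mech in client_mechs:
        if mech in offered and (tls_active or mech not in PLAINTEXT):
            return mech
    return None  # corresponds to the SASL(-4) "no mechanism available" case


def plan_auth(clear_reply, tls_reply, client_mechs, can_starttls):
    """Decide how a frontend would authenticate to the backend."""
    offered, starttls = parse_lhlo(clear_reply)
    mech = choose_mech(offered, client_mechs, tls_active=False)
    if mech:
        return ("auth", mech)
    if starttls and can_starttls:
        # Capabilities must be re-read after the TLS handshake.
        offered, _ = parse_lhlo(tls_reply)
        mech = choose_mech(offered, client_mechs, tls_active=True)
        if mech:
            return ("starttls+auth", mech)
    return ("fail", "no mechanism available")
```

With `can_starttls=False` the plan fails in the same way as the lmtpd log above; with `can_starttls=True` the same PLAIN-only client authenticates inside TLS.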
