proxyd and authenticating with the backend servers

Ken Murchison ken at oceana.com
Tue Jan 27 12:33:13 EST 2004


Iain_Gray at scee.net wrote:
> Hi
> 
> I am having a problem with a Cyrus Murder setup.
> 
> I have these configured machines
> 
> 2 frontend machines running proxyd and mupdate slaves
> 2 backend machines running imapd and lmtpd
> 1 mupdate master running lmtpproxyd
> I am using SQL for a password db
> 
> I can happily log in to the fe servers and see user mailboxes. Also I can 
> log into the back end machines and retrieve mail. I can also deliver mail 
> to the backend machines.
> 
> What I am having trouble with is when I try and read any mailboxes from 
> the front end machines then I get this error in the logs
> 
> Jan 27 16:46:24 cetcb13-01-09 proxyd[5356]: login: 
> cetcfw006h.inline.scee.com[10.18.13.10] bigbigray plaintext+TLS 
> Jan 27 16:46:26 cetcb13-01-09 proxyd[5356]: couldn't authenticate to 
> backend server: no mechanism available
> 
> If I run imtest from the front end machines either with or without TLS I 
> can log in and see mail as below. Also if I deliver mail to either of the 
> backends directly to the lmtpd then that is fine. 
> 
> The problem seems to be with proxyd and lmtpd not authenticating as the 
> rest does.
> 
> I guess that this is because I am using PLAIN passwords and this is 
> disabled unless using TLS.
> 
> Is there a way to enable TLS with proxyd and lmtpproxyd or am I just 
> completely wrong?

You are correct: if you are only using plaintext authentication, then 
you'll need the frontend to use STARTTLS on the backend.  Unfortunately, 
support for this is not in the 2.1 series.  You can either upgrade to 
2.2.3 or try to backport the STARTTLS patch to 2.1.16.  Here is the 
relevant patchset info:

PatchSet 4559
Date: 2002/12/13 19:28:37
Author: ken3
Log:
added client-side STARTTLS for frontend to backend authentication when
needed (still need to do something for the cert and key)

Members:
         imap/backend.c:1.7.6.6->1.7.6.7 [cyrus-imapd-2_2]
         imap/backend.h:1.3.6.3->1.3.6.4 [cyrus-imapd-2_2]
         imap/tls.c:1.38.4.3->1.38.4.4 [cyrus-imapd-2_2]
         imap/tls.h:1.15.4.1->1.15.4.2 [cyrus-imapd-2_2]


PatchSet 4769
Date: 2003/02/19 17:09:47
Author: ken3
Log:
don't compile STARTTLS support unless we have OpenSSL

Members:
         imap/backend.c:1.7.6.15->1.7.6.16 [cyrus-imapd-2_2]
         imap/backend.h:1.3.6.9->1.3.6.10 [cyrus-imapd-2_2]

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
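
The failure discussed in this thread can be checked from a backend's CAPABILITY lines; the following is an added example, not part of the original post and not Cyrus code. The function names, the `can_starttls` flag and the two sample CAPABILITY lines are constructed for illustration.

```python
import imaplib
import ssl

def sasl_mechs(capability_line):
    """Extract SASL mechanism names (AUTH=...) from an IMAP CAPABILITY line."""
    return {tok[5:].upper() for tok in capability_line.split()
            if tok.upper().startswith("AUTH=")}

def diagnose(pre_tls, post_tls, client_mechs, can_starttls=True):
    """Say whether a client limited to client_mechs can authenticate.

    pre_tls / post_tls are the CAPABILITY lines seen before and after
    STARTTLS; can_starttls says whether the client is able to issue it.
    """
    client = {m.upper() for m in client_mechs}
    if client & sasl_mechs(pre_tls):
        return "ok-without-tls"
    offered = "STARTTLS" in pre_tls.upper().split()
    if can_starttls and offered and client & sasl_mechs(post_tls):
        return "needs-starttls"
    return "no-mechanism"

def probe(host, port=143):
    """Fetch both CAPABILITY lines from a live server (needs network access)."""
    conn = imaplib.IMAP4(host, port)
    pre = " ".join(conn.capabilities)
    # Verify the backend certificate instead of accepting any peer.
    conn.starttls(ssl_context=ssl.create_default_context())
    post = " ".join(conn.capabilities)
    conn.logout()
    return pre, post

# Constructed sample: a backend that hides PLAIN until the session is encrypted.
SAMPLE_PRE = "IMAP4 IMAP4rev1 ACL QUOTA STARTTLS LOGINDISABLED AUTH=DIGEST-MD5"
SAMPLE_POST = "IMAP4 IMAP4rev1 ACL QUOTA AUTH=PLAIN AUTH=DIGEST-MD5"

if __name__ == "__main__":
    # Frontend with only a plaintext password and no client-side STARTTLS.
    print(diagnose(SAMPLE_PRE, SAMPLE_POST, {"PLAIN"}, can_starttls=False))
    # Same frontend once it can issue STARTTLS to the backend.
    print(diagnose(SAMPLE_PRE, SAMPLE_POST, {"PLAIN"}))
    # Frontend that can use a non-plaintext mechanism.
    print(diagnose(SAMPLE_PRE, SAMPLE_POST, {"DIGEST-MD5"}))
```
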




More information about the Info-cyrus mailing list