Plain text password between frontend and backend
Ken Murchison
murch at andrew.cmu.edu
Tue Dec 13 08:20:04 EST 2005
Ramya Krishnan wrote:
> Hii,
> I would like to configure a backend server and a frontend server(with
> mupdate server). I use LDAP authentication(SASLAUTHD) in both backend
> and frontend servers.
> I am able to authenticate directly to the backend and select inbox.
> When I connect through the frontend, I am able to authenticate but not
> select inbox. It throws an error
> "couldn't authenticate to backend server: no mechanism available"--log.
> "a2 NO Server(s) unavailable to complete operation"--command line
> I want to send a plain text password as the network between the frontend
> and backend server is safe. I am trying this in cyrus-imapd-2.2.12.
> Would this not be supported in this version? If it does support, is
> there any configuration that has to be done..?
>
> The frontend connects to the backend sees capability.
> * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
> BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
> MUPDATE=mupdate://10.1.21.11/ X-NETSCAPE
>
> Any pointers???
Because the frontends proxy as the user to the backend, the IMAP LOGIN
command can not be used. The only plaintext SASL mechanism that can be
used is PLAIN, but you can't use it unless protected by TLS. Looking at
the CAPABILITY output above, it doesn't look like you've configured TLS.
You might also be able to fake this by running imapd on the backends
with the '-p 2' option.
--
Kenneth Murchison
Systems Programmer
Carnegie Mellon University
More information about the Info-cyrus
mailing list