2.2 murder backend authentication problems

Brenden Conte conteb at rpi.edu
Thu May 18 10:17:44 EDT 2006 

I've been wrestling with a new cyrus murder setup.  At this point, edits 
made to a backend server are properly propigated through the master and 
frontends.

Now, i'm trying to test administration through the frontend servers.  
For example, when i connect to a frontend server and issue a `CREATE 
user.testuser imap-backend` the frontend logs show the following:
------------
May 18 10:00:28 imap-frontend imap[24327]: accepted connection
May 18 10:00:28 imap-frontend imap[24327]: mystore: starting txn 2147483656
May 18 10:00:28 imap-frontend imap[24327]: mystore: committing txn 
2147483656
May 18 10:00:28 imap-frontend imap[24327]: starttls: TLSv1 with cipher 
AES256-SHA (256/256 bits new) no authentication
May 18 10:00:28 imap-frontend imap[24327]: login: <client> 
[128.113.124.76] <cyrusadmin> PLAIN+TLS User logged in
May 18 10:00:28 imap-frontend imap[24327]: Doing a peer verify
May 18 10:00:28 imap-frontend imap[24327]: Doing a peer verify
May 18 10:00:28 imap-frontend imap[24327]: received server certificate
May 18 10:00:28 imap-frontend imap[24327]: starttls: TLSv1 with cipher 
AES256-SHA (256/256 bits new) no authentication
May 18 10:00:28 imap-frontend imap[24327]: couldn't authenticate to 
backend server: no mechanism available
May 18 10:00:28 imap-frontend imap[24327]: PROTERR: end of file reached
----------
and the backend:
----------
May 18 10:00:28 imap-backend imap[5517]: accepted connection
May 18 10:00:28 imap-backend imap[5517]: mystore: starting txn 2147483674
May 18 10:00:28 imap-backend imap[5517]: mystore: committing txn 2147483674
May 18 10:00:28 imap-backend imap[5517]: starttls: TLSv1 with cipher 
AES256-SHA (256/256 bits new) no authentication
-----------
Network dumps show that its using TLS, but i can't tell what the traffic 
looks like after TLS starts.  I've manually logged in with LOGIN to 
verify that the <cyrusproxy>,<proxypasswd> combo is valid on the backend 
server

Here are the pertainant pieces of my frontend imapd.conf...
-----------
configdirectory: /var/lib/imap
partition-default: /tmp
admins: <cyrusadmin>

proxy_authname: <cyrusproxy>
imap-backend_passwd: <proxypass>

postuser: sharedfolders
allowplaintext: 1
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN GSSAPI
sasl_minimum_layer: 0
tls_key_file: /etc/ssl/cert.key
tls_cert_file: /etc/ssl/cert.cert
tls_ca_file: /etc/ssl/CA.cert

# Murder
mupdate_username: <cyrusproxy>
mupdate_authname: <cyrusproxy>
mupdate_password: <proxypass>
mupdate_server: <imap-master.domain.tld>
---------
And the relivant parts of the backend config:
---------
admins: <cyrusadmin> <cyrusbackend>
postuser: sharedfolders

allowplaintext: 1
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN GSSAPI
sasl_minimum_layer: 0

# SSL
tls_key_file: /etc/ssl/cert.key
tls_cert_file: /etc/ssl/cert.cert
tls_ca_file: /etc/ssl/CA.cert

# Murder
mupdate_username: <cyrusbackend>
mupdate_authname: <cyrusbackend>
mupdate_password: <backendpasswd>
mupdate_server: <imap-master.domain.tld>
proxyservers: <cyrusbackend> <cyrusproxy>
allowusermoves: 1
---------

If anyone has suggestions it would be very much appreciated.

Thanks.

-- 
Brenden Conte
System Programmer, C&MT.CIO
Rensselaer Polytechnic Institute
(518)276-4264

More information about the Info-cyrus mailing list