2.2 murder backend authentication problems

phr2101 at columbia.edu phr2101 at columbia.edu
Thu May 18 21:11:21 EDT 2006


Quoting Michael Leupold <leupold at leunet.de>:

> Am Donnerstag, 18. Mai 2006 21:26 schrieb Andrew Morgan:
> > On Thu, 18 May 2006, Brenden Conte wrote:
> > > True, and i perhaps used a bad example - this occurs anytime
> i try to
> > > connect to the backend, not just on CREATE.  for example, i
> can
> > > successfully, log in with a valid account, but if i try to
> `SELECT
> > > INBOX`, I get the same error.
> > I don't know enough about the sasl authentication details to
> debug your
> > problem directly, but here are the relevant parts of my
> frontend and
> > backend configs for comparison.
>
> Your config looks pretty much like mine. I'm using PLAIN+TLS with
> an ldap
> backend. However this may be due to some sasl-subtleties used
> (and not
> understood). The part I don't understand is that my client
> outputs it isn't
> able to authenticate because it found "no worthy mechs". Testing
> connections
> with imtest -t "" gives me an "AUTH=PLAIN" though.
> Do you know of any way to get more debug output from either cyrus
> or sasl?
>
> Regards,
> Michael
> ----
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info:
> http://asg.web.cmu.edu/cyrus/mailing-list.html
>


Your problem is 'what mechanism is your frontend using to connect to
your backend'? Generally, there are a couple to choose from, and if
you don't specify it, the frontend is just going to choose one
(generally GSSAPI).

Generally, if you backend has anything other then 'sasl_mech_list:
PLAIN', then the frontend will choose a different mechanism (at
least in my experience) to use.

You can force a frontend to use a specific mechanism, but this
currently doesn't work with PLAIN due to a bug (I believe).

Anyhow if you are able to, set 'sasl_mech_list: PLAIN' in your
backend and see if the connection works from the frontend to the
backend.

-Patrick


More information about the Info-cyrus mailing list