mupdate authentication problems / cyrus murder setup

Daniel Wright daniel.wright.moon.avenue at gmail.com
Tue Aug 14 06:08:21 EDT 2007


Good day, List,

I'm trying to set up murder here. I have, let's say, three servers: one for
backend, one for frontend and one for mupdate server. The problem is that I'm
not able to set up the mupdate part. The mupdate server is working as master
(mupdate -m on the master server).  Authentication is done via
saslauthd->pam->pam_mysql.so.
cyrus.conf looks like that:
SERVICES {
                mupdate       cmd="/usr/lib/cyrus-imapd/mupdate -m" listen=3905 prefork=1
}
imapd.conf:
configdirectory: /var/lib/imap
partition-default: /tmp
mupdate_config: standard
mupdate_admins: cyrus murder
admins: cyrus murder

allowplaintext:yes
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
sasl_minimum_layer: 0

I think that should be OK, because I'm able to authenticate with mupdatetest
from backend or even frontend:
bash-3.1$ mupdatetest -u murder -a murder mu1.cluster.tld
S: * AUTH "PLAIN"
S: * PARTIAL-UPDATE
S: * OK MUPDATE "mu1.cluster.tld" "Cyrus Murder" "v2.3.7-Invoca-RPM-2.3.7-1.1.el5 " "(master)"
Please enter your password:
C: A01 AUTHENTICATE "PLAIN" {28+}
bXVyZGVyAG11cmRlcgBzbGFwdGE=
S: A01 OK "Authenticated"
Authenticated.
Security strength factor: 0

On the mupdate server I have beautiful logs showing that the login was successful:
/var/log/maillog
Aug 14 12:31:02 mu1 mupdate[1783]: login: be1 [192.168.1.10] murder PLAIN User logged in
Aug 14 12:31:03 mu1 mupdate[1783]: accepted connection
Aug 14 12:31:35 mu1 last message repeated 5 times
Aug 14 12:32:39 mu1 last message repeated 11 times
Also there are pam_mysql logs and so on. I think that is ok.

BUT backend server is not able to authenticate to mupdate. backend's
imapd.conf:
#
#General Cyrus Configuration
#
configdirectory: /var/lib/imap
defaultpartition: default
partition-default: /var/spool/imap
altnamespace: no
unixhierarchysep: no
admins: cyrus
proxyservers: murder
allowanonymouslogin: no
hashimapspool: true
#
#Authentication
#
allowplaintext:yes
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
sasl_minimum_layer: 0
#
#Murder Config
#
mupdate_server: mu1.cluster.tld
mupdate_username: murder
mupdate_authname: murder
mupdate_password: slapta
mupdate_retry_delay: 5

And in logs I have errors:
/var/log/messages
Aug 14 12:37:07 be1 ctl_mboxlist[2164]: No worthy mechs found
In /var/log/maillog and /var/log/secure nothing related to that.
I'm trying to export mailbox db to mupdate server manually:
[root@be1 beast]# su cyrus
bash-3.1$ /usr/lib/cyrus-imapd/ctl_mboxlist -m
couldn't connect to mupdate server
bash-3.1$
Then again in /var/log/messages:
Aug 14 12:41:48 be1 ctl_mboxlist[2191]: No worthy mechs found
I even tried with strace. I saw IP resolving, ports, etc. So it looks
like some work was done.
On mupdate server I have these logs (successful login from earlier
connection with mupdatetest):
/var/log/maillog
Aug 14 12:31:02 mu1 mupdate[1783]: login: be1 [192.168.1.10] murder PLAIN User logged in
Aug 14 12:31:03 mu1 mupdate[1783]: accepted connection
Aug 14 12:31:35 mu1 last message repeated 5 times
Aug 14 12:32:39 mu1 last message repeated 11 times
Aug 14 12:33:41 mu1 last message repeated 10 times
Aug 14 12:34:42 mu1 last message repeated 11 times
Aug 14 12:35:43 mu1 last message repeated 9 times
Aug 14 12:36:53 mu1 last message repeated 13 times
Aug 14 12:37:56 mu1 last message repeated 11 times
Aug 14 12:39:02 mu1 last message repeated 11 times
Aug 14 12:40:08 mu1 last message repeated 11 times
Aug 14 12:41:12 mu1 last message repeated 11 times
Aug 14 12:42:18 mu1 last message repeated 13 times
Aug 14 12:43:24 mu1 last message repeated 12 times
So connection was made (I've found that with tcpdump listening on both
server eth0 with host mu1 and host be1 respectively).

On the frontend server I have similar messages except one additional -
frontend proxy is unable to authenticate to backend server:
Aug 14 12:48:19 fe1 mupdate[1601]: couldn't connect to mupdate server
Aug 14 12:48:19 fe1 mupdate[1601]: retrying connection to mupdate server in 10 seconds
Aug 14 12:48:24 fe1 mupdate[1600]: couldn't authenticate to backend server: no mechanism available
Aug 14 12:48:24 fe1 mupdate[1600]: couldn't connect to mupdate server
Aug 14 12:48:24 fe1 mupdate[1600]: retrying connection to mupdate server in 10 seconds
Aug 14 12:48:29 fe1 mupdate[1601]: couldn't authenticate to backend server: no mechanism available
Aug 14 12:48:29 fe1 mupdate[1601]: couldn't connect to mupdate server
Aug 14 12:48:29 fe1 mupdate[1601]: retrying connection to mupdate server in 11 seconds
Aug 14 12:48:34 fe1 mupdate[1600]: couldn't authenticate to backend server: no mechanism available
Aug 14 12:48:34 fe1 mupdate[1600]: couldn't connect to mupdate server
Aug 14 12:48:34 fe1 mupdate[1600]: retrying connection to mupdate server in 13 seconds

So I think the problem is with authentication setup. But I don't know
how/where exactly the problem is. Maybe someone could point where to look,
or maybe someone could explain how, let's say, authentication is done for
imapproxy.
When frontend is trying to connect to backend, how is it trying to connect?
Simple IMAP authentication? But then on the backend authentication should be
done with saslauthd (I'm able to simply log in to the backend server's IMAP
service (pam->pam_mysql.so)).

I'm stuck in a loop, but I need to make it work fast :(

I hope someone will point me out where to look.

With Best Regards,

Daniel
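
Added example, not part of the original post: the mupdatetest session above negotiated PLAIN with a security strength factor of 0, so the base64 literal after AUTHENTICATE is the credential itself, encoded but not encrypted. This Python code parses those quoted lines per RFC 4616 (authzid NUL authcid NUL passwd); the names audit() and parse_plain() are made up for the illustration.

```python
import base64
import re

# Lines copied from the mupdatetest session quoted in the post.
TRANSCRIPT = """\
S: * AUTH "PLAIN"
S: * PARTIAL-UPDATE
C: A01 AUTHENTICATE "PLAIN" {28+}
bXVyZGVyAG11cmRlcgBzbGFwdGE=
S: A01 OK "Authenticated"
Security strength factor: 0
"""


def parse_plain(b64_text):
    """Split a SASL PLAIN message (RFC 4616): authzid NUL authcid NUL passwd."""
    raw = base64.b64decode(b64_text, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError("not a well-formed SASL PLAIN message")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    return authzid, authcid, passwd


def audit(transcript):
    """Report what the exchange reveals to anyone who can read the wire."""
    lines = transcript.splitlines()
    report = {"offered": [], "used": None, "literal_ok": None, "ssf": None}
    for i, line in enumerate(lines):
        if m := re.match(r"S: \* AUTH (.+)", line):
            report["offered"] = re.findall(r'"([^"]+)"', m.group(1))
        elif m := re.match(r'C: \S+ AUTHENTICATE "([^"]+)" \{(\d+)\+?\}', line):
            report["used"] = m.group(1)
            literal = lines[i + 1].strip() if i + 1 < len(lines) else ""
            # The declared literal size must match what was actually sent.
            report["literal_ok"] = len(literal) == int(m.group(2))
            if report["used"] == "PLAIN":
                authzid, authcid, passwd = parse_plain(literal)
                # Record only the password length, never the value itself.
                report.update(authzid=authzid, authcid=authcid,
                              passwd_len=len(passwd))
        elif m := re.match(r"Security strength factor: (\d+)", line):
            report["ssf"] = int(m.group(1))
    # PLAIN with no security layer: the password crossed the network
    # protected only by base64, which is an encoding, not encryption.
    report["cleartext_password"] = report["used"] == "PLAIN" and report["ssf"] == 0
    return report


if __name__ == "__main__":
    for key, value in audit(TRANSCRIPT).items():
        print(f"{key}: {value}")
```

The report records only the password's length; the point is that the fields are recoverable from the capture, which is why a PLAIN-only mechanism list is normally paired with a transport security layer.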