Authentication problem between 2.3.16 back-end and 2.2.12 mupdate and front-ends
morgan at orst.edu
Thu Oct 7 16:50:51 EDT 2010
Maybe you need to upgrade the mupdate master to 2.3.16 first?
On Thu, 7 Oct 2010, Michael D. Sofka wrote:
> Additional information. Recall that:
>> I am in the process of upgrading our cyrus aggregation from 2.2.12 to
>> 2.3.16. I have installed cyrus 2.3.16 on a new back-end server, and it
>> appears fine. I can create accounts on the server, read email from
>> them, etc.
>> Now I am attempting to place the new back-end server into our
>> aggregation so I can begin migrating accounts off the current back-end
>> server. It appears the new back-end is not able to authenticate to the
>> mupdate server.
> On the existing 2.2.12 back-end server I can run:
> mupdatetest -v -p 3905 -a g_murder imap-fe1.server.rpi.edu
> And, it connects, and logs onto the front-end server. If I run:
> mupdatetest -v -t '' -p 3905 -a g_murder imap-fe1.server.rpi.edu
> It does the same with TLS.
> Trying this on the 2.3.16 server, built from Simon Matter's source RPM
> on a RE5 server I get:
> Hacker:mupdatetest -v -p 3905 -a g_murder imap-fe1.server.rpi.edu
> S: * AUTH "LOGIN" "PLAIN"
> S: * STARTTLS
> S: * PARTIAL-UPDATE
> S: * OK MUPDATE "imap-fe1.server.rpi.edu" "Cyrus Murder"
> "v2.2.12-Invoca-RPM-2.2.12-20" "(master)"
> Authentication failed. no mechanism available
> Security strength factor: 0
> Note "no mechanisms available." But, I can run the AUTHENTICATE
> command with either the PLAIN or LOGIN options, I can authenticate just
> fine. Same with the -t '' option, except it goes through TLS first.
> ctl_mboxlist -cw
> couldn't connect to mupdate server
> And syslog reports:
> Oct 7 16:23:56 imap-be4 ctl_mboxlist: starttls: TLSv1 with cipher
> AES256-SHA (256/256 bits new client) no authentication
> Oct 7 16:23:56 imap-be4 ctl_mboxlist: couldn't authenticate to
> backend server: no mechanism available
> Oct 7 16:23:56 imap-be4 ctl_mboxlist: mupdate_connect failed:
> SASL(-4): no mechanism available: No worthy mechs found
> "No worthy mechs found" This seems to be saying that ctl_mboxlist
> doesn't like PLAIN or LOGIN. If so, then what does it want?
> For incoming connections, there appears to be a similar problem. When I
> attempt an xfer from the 2.2.12 back-end to the 2.3.16 back-end the
> transfer fails with the message:
> xfermailbox: Server(s) unavailable to complete operation
> and the 2.3.16 syslog reports:
> Oct 7 16:27:33 imap-be4 imap: accepted connection
> Oct 7 16:27:33 imap-be4 master: about to exec
> Oct 7 16:27:33 imap-be4 imap: executed
> Oct 7 16:27:33 imap-be4 imap: skiplist: checkpointed
> /var/lib/imap/tls_sessions.db (6 records, 1240 bytes) in 0 seconds
> Oct 7 16:27:33 imap-be4 imap: imapd:Loading hard-coded DH parameters
> Oct 7 16:27:33 imap-be4 imap: SSL_accept() incomplete -> wait
> Oct 7 16:27:33 imap-be4 imap: SSL_accept() succeeded -> done
> Oct 7 16:27:33 imap-be4 imap: starttls: TLSv1 with cipher
> DHE-RSA-AES256-SHA (256/256 bits new) no authentication
> I've configured saslauthd to use PAM, and PAM to use pam_unix.so. And,
> as noted, authentication does work.
> Michael D. Sofka sofkam at rpi.edu
> C&MT Sr. Systems Programmer, Email, HPC, TeX, Epistemology
> Rensselaer Polytechnic Institute, Troy, NY. http://www.rpi.edu/~sofkam/
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
More information about the Info-cyrus