Re: Failing to authenticate on the frontends

From: Andrew Morgan (no email)
Date: Wed Oct 04 2006 - 12:45:52 EDT

Next message: Andrew Morgan: "Re: Failing to authenticate on the frontends"

Previous message: Michael Loftis: "Re: Failing to authenticate on the frontends"
In reply to: Jesus Roncero: "Failing to authenticate on the frontends"
Next in thread: Andrew Morgan: "Re: Failing to authenticate on the frontends"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Wed, 4 Oct 2006, Jesus Roncero wrote:

> Hi,
> So I got the whole murder system running. Apparently, both the frontend
> server and the backend server can communicate. I have a backend server that
> has a couple of mailboxes, one of which is called "joe". I'm using a sasldb
> file on both of the machines (backend and frontend) to store users and
> passwords.
>
> The problem is that when I connect to the frontend using an imap client, the
> authentication fails, as using telnet:
>
> cyrus at frontend:/etc$ telnet localhost 143
> * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS] frontend Cyrus IMAP4
> v2.3.7 server ready
> 1 login "joe" "password"
> 1 NO Login failed: authentication failure
>
> However, if I _add_ a user/password "joe" to the local user database at the
> frontend, then it works:
>
> cyrus at frontend:/etc$ ../sasl/sbin/saslpasswd2 -c -f sasldb2 joe
> [...]
> cyrus at frontend:/etc$ telnet localhost 143
> * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS] frontend Cyrus IMAP4
> v2.3.7 server ready
> 1 login "joe" "password"
> 1 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL RIGHTS=kxte
> QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
> MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES
> ANNOTATEMORE CATENATE CONDSTORE IDLE URLAUTH] User logged in
>
> And from here on, an IMAP client is able to browse and see all the messages
> at joe's mailbox.
>
> So, the question is, isn't the frontend supposed to contact the backend
> responsible of that mailbox in order to authenticate the user? or it needs to
> have "joe"'s password at the frontend as well?

The user authentication happens at the frontend. Then proxyd on the
frontend authenticates to the appropriate backend using your proxy
credentials defined in imapd.conf. So, user "joe" needs to exist on the
frontend as well as on the backend.

Andy

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Next message: Andrew Morgan: "Re: Failing to authenticate on the frontends"

Previous message: Michael Loftis: "Re: Failing to authenticate on the frontends"
In reply to: Jesus Roncero: "Failing to authenticate on the frontends"
Next in thread: Andrew Morgan: "Re: Failing to authenticate on the frontends"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Invaluement Anti-Spam DNSBLs