Ken, Thanks. This is exactly what I did. I was just getting ready to post a follow-up to let everyone know.
Hank ----- Original Message ----- From: "Ken Murchison" <[EMAIL PROTECTED]> To: "Hank Beatty" <[EMAIL PROTECTED]> Cc: "Rob Siemborski" <[EMAIL PROTECTED]>; "Cyrus-Info" <[EMAIL PROTECTED]> Sent: Friday, January 31, 2003 4:34 PM Subject: Re: Murder and Backend Authentication > > > Hank Beatty wrote: > > > > OK. That makes sense. Are there any SASL mechs that can use PAM? > > Like Rob said, just PLAIN, which will require you to use STARTTLS, which > is only in 2.2. That being said, since you will likely only have one or > two proxy admins, you could just put them in sasldb2 and use DIGEST-MD5. > > > > > > ----- Original Message ----- > > From: "Rob Siemborski" <[EMAIL PROTECTED]> > > To: "Hank Beatty" <[EMAIL PROTECTED]> > > Cc: "Cyrus-Info" <[EMAIL PROTECTED]> > > Sent: Friday, January 31, 2003 3:18 PM > > Subject: Re: Murder and Backend Authentication > > > > > You aren't offering any SASL mechanisms. I believe the 2.2 code even > > > supports STARTTLS (and therefore PLAIN). > > > > > > You need to support a SASL mechanism that allows proxy authentication. > > > The regular IMAP login command isn't good enough. > > > > > > -Rob > > > > > > On Fri, 31 Jan 2003, Hank Beatty wrote: > > > > > > > And when I use imtest: > > > > > > > > [root@draco root]# imtest -u hbeatty -a hbeatty localhost > > > > S: * OK draco Cyrus IMAP4 v2.2.prealpha server ready > > > > C: C01 CAPABILITY > > > > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS > > > > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT > > > > THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE > > > > MUPDATE=mupdate://zeus.email.starband.net/ > > > > S: C01 OK Completed > > > > Please enter your password: > > > > C: L01 LOGIN hbeatty {4} > > > > S: + go ahead > > > > C: <omitted> > > > > S: L01 OK User logged in > > > > Authenticated. > > > > Security strength factor: 0 > > > > > > > > ----- Original Message ----- > > > > From: "Rob Siemborski" <[EMAIL PROTECTED]> > > > > To: "Hank Beatty" <[EMAIL PROTECTED]> > > > > Cc: "Cyrus-Info" <[EMAIL PROTECTED]> > > > > Sent: Friday, January 31, 2003 2:29 PM > > > > Subject: Re: Murder and Backend Authentication > > > > > > > > > > > > > What SASL mechanism are you using between your frontend and backends? > > > > > > > > > > Or rather, what mechanisms are your backends advertising? > > > > > > > > > > -Rob > > > > > > > > > > On Fri, 31 Jan 2003, Hank Beatty wrote: > > > > > > > > > > > I'm working on getting a Murder setup and I can authenticate and > > pull > > > > mail > > > > > > directly from the backend server. > > > > > > > > > > > > However, when I try to proxy the connection I get this in > > > > /var/log/messages > > > > > > on the proxy/master: > > > > > > > > > > > > Jan 31 13:40:35 zeus pop3[5437]: login: SERVER[192.168.247.241] > > hbeatty > > > > > > plaintext > > > > > > Jan 31 13:40:35 zeus pop3[5437]: couldn't authenticate to backend > > > > server: no > > > > > > mechanism available > > > > > > Jan 31 13:40:35 zeus pop3[5437]: couldn't authenticate to backend > > server > > > > > > > > > > > > I get this in /var/log/imapd.log on the backend server: > > > > > > > > > > > > Jan 31 13:45:01 draco pop3[32718]: accepted connection > > > > > > Jan 31 13:45:01 draco master[32724]: about to exec > > /usr/cyrus/bin/pop3d > > > > > > Jan 31 13:45:01 draco master[32688]: process 32718 exited, status 0 > > > > > > Jan 31 13:45:01 draco pop3[32724]: executed > > > > > > > > > > > > With this in mind it would seem that when using the proxy the > > > > authentication > > > > > > method is different somehow. Is this correct? > > > > > > > > > > > > > > > > > > > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > > > Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 > > > > > Research Systems Programmer * /usr/contributed Gatekeeper > > > > > > > > > > > > > > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 > > > Research Systems Programmer * /usr/contributed Gatekeeper > > > > > -- > Kenneth Murchison Oceana Matrix Ltd. > Software Engineer 21 Princeton Place > 716-662-8973 x26 Orchard Park, NY 14127 > --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp