On Wed, 4 Oct 2006, Jesus Roncero wrote:
Hi,
So I got the whole murder system running. Apparently, both the frontend
server and the backend server can communicate. I have a backend server that
has a couple of mailboxes, one of which is called "joe". I'm using a sasldb
file on both of the machines (backend and frontend) to store users and
passwords.
The problem is that when I connect to the frontend using an imap client, the
authentication fails, as using telnet:
cyrus@frontend:/etc$ telnet localhost 143
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS] frontend Cyrus IMAP4
v2.3.7 server ready
1 login "joe" "password"
1 NO Login failed: authentication failure
However, if I _add_ a user/password "joe" to the local user database at the
frontend, then it works:
cyrus@frontend:/etc$ ../sasl/sbin/saslpasswd2 -c -f sasldb2 joe
[...]
cyrus@frontend:/etc$ telnet localhost 143
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS] frontend Cyrus IMAP4
v2.3.7 server ready
1 login "joe" "password"
1 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL RIGHTS=kxte
QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES
ANNOTATEMORE CATENATE CONDSTORE IDLE URLAUTH] User logged in
And from here on, an IMAP client is able to browse and see all the messages
at joe's mailbox.
So, the question is, isn't the frontend supposed to contact the backend
responsible of that mailbox in order to authenticate the user? or it needs to
have "joe"'s password at the frontend as well?
The user authentication happens at the frontend. Then proxyd on the
frontend authenticates to the appropriate backend using your proxy
credentials defined in imapd.conf. So, user "joe" needs to exist on the
frontend as well as on the backend.
Andy
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
