mupdate authentication problems / cyrus murder setup

Good day, List,

I'm trying to set up murder here. I have, let's say, three servers: one for the backend, one for the frontend and one for the mupdate server. The problem is that I'm not able to set up the mupdate part. The mupdate server is working as master (mupdate -m on the master server). Authentication is done via saslauthd->pam->pam_mysql.so.
cyrus.conf looks like this:
SERVICES {
                mupdate       cmd="/usr/lib/cyrus-imapd/mupdate -m" listen=3905 prefork=1
}
imapd.conf:
configdirectory: /var/lib/imap
partition-default: /tmp
mupdate_config: standard
mupdate_admins: cyrus murder
admins: cyrus murder

allowplaintext:yes
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
sasl_minimum_layer: 0

I think that should be OK, because I'm able to authenticate with mupdatetest from the backend or even the frontend:
bash-3.1$ mupdatetest -u murder -a murder mu1.cluster.tld
S: * AUTH "PLAIN"
S: * PARTIAL-UPDATE
S: * OK MUPDATE "mu1.cluster.tld" "Cyrus Murder" "v2.3.7-Invoca-RPM-2.3.7-1.1.el5 " "(master)"
Please enter your password:
C: A01 AUTHENTICATE "PLAIN" {28+}
bXVyZGVyAG11cmRlcgBzbGFwdGE=
S: A01 OK "Authenticated"
Authenticated.
Security strength factor: 0

On the mupdate server I have beautiful logs showing that the login was successful:
/var/log/maillog
Aug 14 12:31:02 mu1 mupdate[1783]: login: be1 [ 192.168.1.10] murder PLAIN User logged in
Aug 14 12:31:03 mu1 mupdate[1783]: accepted connection
Aug 14 12:31:35 mu1 last message repeated 5 times
Aug 14 12:32:39 mu1 last message repeated 11 times
Also there are pam_mysql logs and so on. I think that is ok.

BUT the backend server is not able to authenticate to mupdate. The backend's imapd.conf:
#
#General Cyrus Configuration
#
configdirectory: /var/lib/imap
defaultpartition: default
partition-default: /var/spool/imap
altnamespace: no
unixhierarchysep: no
admins: cyrus
proxyservers: murder
allowanonymouslogin: no
hashimapspool: true
#
#Authentication
#
allowplaintext:yes
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
sasl_minimum_layer: 0
#
#Murder Config
#
mupdate_server: mu1.cluster.tld
mupdate_username: murder
mupdate_authname: murder
mupdate_password: slapta
mupdate_retry_delay: 5

And in the logs I have errors:
/var/log/messages
Aug 14 12:37:07 be1 ctl_mboxlist[2164]: No worthy mechs found
In /var/log/maillog and /var/log/secure there is nothing related to that.
I'm trying to export the mailbox db to the mupdate server manually:
[root@be1 beast]# su cyrus
bash-3.1$/usr/lib/cyrus-imapd/ctl_mboxlist -m
couldn't connect to mupdate server
bash-3.1$
Then again in /var/log/messages:
Aug 14 12:41:48 be1 ctl_mboxlist[2191]: No worthy mechs found
I even tried with strace. I saw IP resolving, ports, etc. So it looks like some work was done.
On the mupdate server I have these logs (successful login from the earlier connection with mupdatetest):
/var/log/maillog
Aug 14 12:31:02 mu1 mupdate[1783]: login: be1 [192.168.1.10] murder PLAIN User logged in
Aug 14 12:31:03 mu1 mupdate[1783]: accepted connection
Aug 14 12:31:35 mu1 last message repeated 5 times
Aug 14 12:32:39 mu1 last message repeated 11 times
Aug 14 12:33:41 mu1 last message repeated 10 times
Aug 14 12:34:42 mu1 last message repeated 11 times
Aug 14 12:35:43 mu1 last message repeated 9 times
Aug 14 12:36:53 mu1 last message repeated 13 times
Aug 14 12:37:56 mu1 last message repeated 11 times
Aug 14 12:39:02 mu1 last message repeated 11 times
Aug 14 12:40:08 mu1 last message repeated 11 times
Aug 14 12:41:12 mu1 last message repeated 11 times
Aug 14 12:42:18 mu1 last message repeated 13 times
Aug 14 12:43:24 mu1 last message repeated 12 times
So the connection was made (I found that with tcpdump listening on both servers' eth0 with host mu1 and host be1 respectively).

On the frontend server I have similar messages, except for one additional one: the frontend proxy is unable to authenticate to the backend server:
Aug 14 12:48:19 fe1 mupdate[1601]: couldn't connect to mupdate server
Aug 14 12:48:19 fe1 mupdate[1601]: retrying connection to mupdate server in 10 seconds
Aug 14 12:48:24 fe1 mupdate[1600]: couldn't authenticate to backend server: no mechanism available
Aug 14 12:48:24 fe1 mupdate[1600]: couldn't connect to mupdate server
Aug 14 12:48:24 fe1 mupdate[1600]: retrying connection to mupdate server in 10 seconds
Aug 14 12:48:29 fe1 mupdate[1601]: couldn't authenticate to backend server: no mechanism available
Aug 14 12:48:29 fe1 mupdate[1601]: couldn't connect to mupdate server
Aug 14 12:48:29 fe1 mupdate[1601]: retrying connection to mupdate server in 11 seconds
Aug 14 12:48:34 fe1 mupdate[1600]: couldn't authenticate to backend server: no mechanism available
Aug 14 12:48:34 fe1 mupdate[1600]: couldn't connect to mupdate server
Aug 14 12:48:34 fe1 mupdate[1600]: retrying connection to mupdate server in 13 seconds

So I think the problem is with the authentication setup. But I don't know how/where exactly the problem is. Maybe someone could point out where to look, or maybe someone could explain how, let's say, authentication is done for imapproxy.
When the frontend is trying to connect to the backend, how is it trying to connect? Simple IMAP authentication? But then on the backend, authentication should be done with saslauthd (I'm able to simply log in to the backend server's IMAP service (pam->pam_mysql.so)).

I'm stuck in a loop, but I need to make it work fast :(

I hope someone will point out to me where to look.

With Best Regards,

Daniel
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
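
The mupdatetest transcript in the post shows a SASL PLAIN response sent with "Security strength factor: 0", and a PLAIN response is only base64 over `authzid NUL authcid NUL password` (RFC 4616), so a pasted transcript discloses the same secret as the `mupdate_password` line. The following is an added example, not part of the original post and not Cyrus code: it scrubs both kinds of line from a log or config excerpt before it is shared; the helper names `parse_sasl_plain` and `redact` are hypothetical.

```python
import base64
import re

# Constructed sample: lines taken from the mupdatetest transcript and the
# backend imapd.conf quoted in the post.
SAMPLE = """C: A01 AUTHENTICATE "PLAIN" {28+}
bXVyZGVyAG11cmRlcgBzbGFwdGE=
S: A01 OK "Authenticated"
mupdate_password: slapta
sasl_mech_list: PLAIN
"""

# AUTHENTICATE PLAIN followed by a literal marker such as {28+}: the next
# line is the base64 initial response.
AUTH_RE = re.compile(r'AUTHENTICATE\s+"?PLAIN"?\s+\{\d+\+?\}\s*$', re.I)
# Any "<something>password: value" option, e.g. mupdate_password.
SECRET_RE = re.compile(r"^(\s*[\w-]*password\s*:\s*)\S.*$", re.I)


def parse_sasl_plain(b64):
    """Decode an RFC 4616 PLAIN response: authzid NUL authcid NUL passwd."""
    parts = base64.b64decode(b64, validate=True).split(b"\x00")
    if len(parts) != 3:
        raise ValueError("not a SASL PLAIN response")
    return tuple(p.decode("utf-8") for p in parts)


def redact(text):
    """Return (redacted_text, findings) for a transcript or config excerpt."""
    out, findings, expect_blob = [], [], False
    for line in text.splitlines():
        if expect_blob:
            expect_blob = False
            try:
                _, authcid, _ = parse_sasl_plain(line.strip())
                findings.append(("sasl-plain", authcid))
                out.append("[REDACTED SASL PLAIN response]")
                continue
            except ValueError:  # not a PLAIN blob: treat as a normal line
                pass
        m = SECRET_RE.match(line)
        if m:
            findings.append(("config-password", m.group(1).split(":")[0].strip()))
            out.append(m.group(1) + "[REDACTED]")
            continue
        expect_blob = bool(AUTH_RE.search(line))
        out.append(line)
    return "\n".join(out) + "\n", findings
```

Every entry in `findings` marks a credential that was present in the excerpt, so it is also a list of what to rotate if the unredacted text has already been posted.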
