ctl_mboxlist being run as root and CRAM-MD5 with saslauthd + LDAP
Hi there,

I am setting up a Murder (cool technology, btw) and I have a problem I can't seem to solve by myself. Any help would be very appreciated!

Basically, ctl_mboxlist tries to authenticate as root on the MUPDATE master server. Here is the relevant part of my /etc/cyrus.conf:

---
START {
  recover cmd=ctl_cyrusdb -r
  mupdatepush cmd=ctl_mboxlist -m
}
---

My mupdate master server authenticates thru saslauthd with LDAP. /etc/imapd.conf on the mupdate master server:

---
configdirectory: /var/imap
partition-default: /tmp
admins: cyrus
sasl_mech_list: PLAIN
sasl_pwcheck_method: saslauthd
---

When the master server starts on the backend, the following appears in /var/log/auth.log:

---
Mar 6 09:46:41 ldap1 saslauthd[1852]: Entry not found or more than one entries found (uid=root).
Mar 6 09:46:41 ldap1 saslauthd[1852]: AUTHFAIL: user=root service=mupdate realm=
Mar 6 09:46:41 ldap1 mupdate[2022]: Password verification failed
---

This makes me believe that ctl_mboxlist is being executed as root (at least, tries to authenticate as root). I could not find a switch in the man page to have it authenticate as some specific user (in my case, cyrus). Two (inelegant) solutions I tried that did not work were to make ctl_mboxlist suid cyrus and executing ctl_mboxlist as cyrus with sudo in /etc/cyrus.conf.

Is there a switch to ctl_mboxlist that tells it to authenticate to the mupdate server as a specific user?

I am starting the Cyrus master process as root; could this be the problem?

Thank you very much for your insight!

--
Etienne Goyer
Linux Québec Technologies Inc.
http://www.LinuxQuebec.com
[EMAIL PROTECTED]
PGP Pub Key: http://www.LinuxQuebec.com/pubkeys/eg.key
Fingerprint: F569 0394 098A FC70 B572 5D20 3129 3D86 8FD5 C853
Re: ctl_mboxlist being run as root and CRAM-MD5 with saslauthd +LDAP
On Thu, 6 Mar 2003, Etienne Goyer wrote:

> ---
> configdirectory: /var/imap
> partition-default: /tmp
> admins: cyrus
> sasl_mech_list: PLAIN
> sasl_pwcheck_method: saslauthd
> ---

If you're using PLAIN to authenticate to your backends, you'll need to be using 2.2 (with the TLS support for backend auth). Mupdate should be fine, however.

> When the master server starts on the backend, the following appears in /var/log/auth.log:
>
> ---
> Mar 6 09:46:41 ldap1 saslauthd[1852]: Entry not found or more than one entries found (uid=root).
> Mar 6 09:46:41 ldap1 saslauthd[1852]: AUTHFAIL: user=root service=mupdate realm=
> Mar 6 09:46:41 ldap1 mupdate[2022]: Password verification failed
> ---
>
> This makes me believe that ctl_mboxlist is being executed as root (at least, tries to authenticate as root). I could not find a switch in the man page to have it authenticate as some specific user (in my case, cyrus). Two (inelegant) solutions I tried that did not work were to make ctl_mboxlist suid cyrus and executing ctl_mboxlist as cyrus with sudo in /etc/cyrus.conf.
>
> Is there a switch to ctl_mboxlist that tells it to authenticate to the mupdate server as a specific user?
>
> I am starting the Cyrus master process as root; could this be the problem?

Did you set the mupdate_* options in your backend's imapd.conf (specifically mupdate_authname, mupdate_password, etc.)?

The cyrus master process should abandon its root rights as it starts the services.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
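
The check suggested in the reply above, written out as an added example (not part of the original thread and not Cyrus code): it reads a backend imapd.conf for the mupdate_* options named in the reply and compares the configured identity with the user that saslauthd rejected for service=mupdate. The backend configuration, the host name mupdate.example.com and the password placeholder are constructed; the check that the identity appears in the master's admins line is an assumption based on the poster wanting to authenticate as cyrus.

```python
import re

# Options named in the reply above; checked in the backend's imapd.conf.
REQUIRED = ("mupdate_authname", "mupdate_password")
# saslauthd failure line, in the format of the auth.log excerpt from the thread.
AUTHFAIL = re.compile(r"saslauthd\[\d+\]: AUTHFAIL: user=(\S*) service=(\S*) realm=")

MASTER_CONF = "configdirectory: /var/imap\nadmins: cyrus\nsasl_mech_list: PLAIN\n"  # from the thread
BACKEND_BAD = "configdirectory: /var/imap\nmupdate_server: mupdate.example.com\n"  # constructed
BACKEND_OK = BACKEND_BAD + "mupdate_authname: cyrus\nmupdate_password: CHANGE-ME\n"  # constructed
AUTH_LOG = (  # lines quoted in the thread
    "Mar 6 09:46:41 ldap1 saslauthd[1852]: AUTHFAIL: user=root service=mupdate realm=\n"
    "Mar 6 09:46:41 ldap1 mupdate[2022]: Password verification failed\n"
)


def parse_conf(text):
    """Parse 'key: value' lines of an imapd.conf into a dict, skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip()
    return conf


def mupdate_authfails(log_text):
    """Return the user names saslauthd rejected for service=mupdate."""
    return [m.group(1) for m in AUTHFAIL.finditer(log_text) if m.group(2) == "mupdate"]


def diagnose(backend_text, master_text, log_text):
    """List mismatches between backend config, master admins and logged failures."""
    backend, master = parse_conf(backend_text), parse_conf(master_text)
    findings = [f"backend imapd.conf: {opt} is not set" for opt in REQUIRED if not backend.get(opt)]
    authname = backend.get("mupdate_authname")
    # Assumption: the backend's identity should be one of the master's admins.
    if authname and authname not in master.get("admins", "").split():
        findings.append(f"master imapd.conf: {authname!r} is not listed in admins")
    for user in mupdate_authfails(log_text):
        if user != authname:
            findings.append(f"auth.log: mupdate login attempted as {user!r}; "
                            f"backend mupdate_authname is {authname or 'unset'!r}")
    return findings


if __name__ == "__main__":
    for finding in diagnose(BACKEND_BAD, MASTER_CONF, AUTH_LOG):
        print(finding)
```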