ctl_mboxlist being run as root and CRAM-MD5 with saslauthd + LDAP

2003-03-06 Thread Etienne Goyer
Hi there,

I am setting up a Murder (cool technology, btw) and I have a problem
I can't seem to solve by myself.  Any help would be much appreciated!

Basically, ctl_mboxlist tries to authenticate as root on the MUPDATE
master server.  Here is the relevant part of my /etc/cyrus.conf:

---
START {
  recover   cmd=ctl_cyrusdb -r
  mupdatepush   cmd=ctl_mboxlist -m
}
---

My mupdate master server authenticates through saslauthd with LDAP.
/etc/imapd.conf on the mupdate master server:

---
configdirectory: /var/imap
partition-default: /tmp
admins: cyrus
sasl_mech_list: PLAIN
sasl_pwcheck_method: saslauthd
---

When the master server starts on the backend, the following appears in
/var/log/auth.log:

---
Mar  6 09:46:41 ldap1 saslauthd[1852]: Entry not found or more than one entries found (uid=root).
Mar  6 09:46:41 ldap1 saslauthd[1852]: AUTHFAIL: user=root service=mupdate realm=
Mar  6 09:46:41 ldap1 mupdate[2022]: Password verification failed 
---

This makes me believe that ctl_mboxlist is being executed as root (at
least, it tries to authenticate as root).  I could not find a switch in the
man page to have it authenticate as some specific user (in my case,
cyrus).  Two (inelegant) solutions I tried that did not work were to
make ctl_mboxlist suid cyrus and to execute ctl_mboxlist as cyrus with
sudo in /etc/cyrus.conf.  Is there a switch to ctl_mboxlist that tells it
to authenticate to the mupdate server as a specific user?  I am
starting the Cyrus master process as root; could this be the problem?

Thank you very much for your insight!

-- 
Etienne Goyer                Linux Québec Technologies Inc.
http://www.LinuxQuebec.com   [EMAIL PROTECTED]
PGP Pub Key: http://www.LinuxQuebec.com/pubkeys/eg.key 
Fingerprint: F569 0394 098A FC70 B572  5D20 3129 3D86 8FD5 C853 


Re: ctl_mboxlist being run as root and CRAM-MD5 with saslauthd +LDAP

2003-03-06 Thread Rob Siemborski
On Thu, 6 Mar 2003, Etienne Goyer wrote:

> ---
> configdirectory: /var/imap
> partition-default: /tmp
> admins: cyrus
> sasl_mech_list: PLAIN
> sasl_pwcheck_method: saslauthd
> ---

If you're using PLAIN to authenticate to your backends, you'll need to be
using 2.2 (with the TLS support for backend auth).  Mupdate should be
fine, however.

> When the master server starts on the backend, the following appears in
> /var/log/auth.log:
>
> ---
> Mar  6 09:46:41 ldap1 saslauthd[1852]: Entry not found or more than one entries found (uid=root).
> Mar  6 09:46:41 ldap1 saslauthd[1852]: AUTHFAIL: user=root service=mupdate realm=
> Mar  6 09:46:41 ldap1 mupdate[2022]: Password verification failed
> ---
>
> This makes me believe that ctl_mboxlist is being executed as root (at
> least, it tries to authenticate as root).  I could not find a switch in the
> man page to have it authenticate as some specific user (in my case,
> cyrus).  Two (inelegant) solutions I tried that did not work were to
> make ctl_mboxlist suid cyrus and to execute ctl_mboxlist as cyrus with
> sudo in /etc/cyrus.conf.  Is there a switch to ctl_mboxlist that tells it
> to authenticate to the mupdate server as a specific user?  I am
> starting the Cyrus master process as root; could this be the problem?

Did you set the mupdate_* options in your backend's imapd.conf
(specifically mupdate_authname, mupdate_password, etc.)?

The cyrus master process should abandon its root rights as it starts the
services.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
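
An added example, not part of either message and not Cyrus project code: a small check that ties the two halves of the thread together by listing the users saslauthd rejected for `service=mupdate` and the `mupdate_*` options left unset in a backend's imapd.conf. The sample log and config text are constructed (modelled on the lines quoted above), and the function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the auth.log lines quoted in the thread.
SAMPLE_AUTH_LOG = """\
Mar  6 09:46:41 ldap1 saslauthd[1852]: AUTHFAIL: user=root service=mupdate realm=
Mar  6 09:46:41 ldap1 mupdate[2022]: Password verification failed
Mar  6 09:47:02 ldap1 saslauthd[1852]: AUTHFAIL: user=jdoe service=imap realm=
"""

# Constructed backend imapd.conf in which no mupdate_* option is active.
SAMPLE_BACKEND_CONF = """\
configdirectory: /var/imap
partition-default: /var/spool/imap
# mupdate_authname: cyrus
"""

MASTER_ADMINS = {"cyrus"}  # the "admins:" value from the master's imapd.conf in the thread

AUTHFAIL_RE = re.compile(
    r"saslauthd\[\d+\]: AUTHFAIL: user=(\S*) service=(\S*) realm=(\S*)")

def parse_conf(text):
    """Parse 'key: value' lines of an imapd.conf, skipping comments and blanks."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        opts[key.strip()] = value.strip()
    return opts

def mupdate_authfails(log_text):
    """Return the user names saslauthd rejected for service=mupdate, in log order."""
    return [m.group(1) for m in AUTHFAIL_RE.finditer(log_text)
            if m.group(2) == "mupdate"]

def diagnose(log_text, backend_conf_text, master_admins):
    """Report non-admin mupdate login failures and unset backend mupdate_* options."""
    opts = parse_conf(backend_conf_text)
    missing = [k for k in ("mupdate_authname", "mupdate_password") if not opts.get(k)]
    rejected = sorted({u for u in mupdate_authfails(log_text)
                       if u not in master_admins})
    return {"rejected_users": rejected, "missing_options": missing}

if __name__ == "__main__":
    # Only option names are reported; the mupdate_password value is never printed.
    print(diagnose(SAMPLE_AUTH_LOG, SAMPLE_BACKEND_CONF, MASTER_ADMINS))
```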