Results 1 to 4 of 4

Thread: preauth too old when using virtualization?

  1. #1
    Join Date
    Oct 2005
    Location
    Emeryville, CA US
    Posts
    22
    Rep Power
    10

    Default preauth too old when using virtualization?

    We have physical Zimbra servers, but we are trying to virtualize our application servers. Our app servers host our Web site, which we integrate with Zimbra via the preauth mechanism. Unfortunately, in our tests we're seeing intermittent problems with preauth failing for users on our virtual app servers. We see statements like this in our mailbox.log files on our Zimbra servers (some info redacted):

    authentication failed for user-AT-domain.com, preauth timestamp is too old, server time: Mon Sep 27 14:20:49 PDT 2010, preauth timestamp: Mon Sep 27 14:26:01 PDT 2010

    There are basic issues with keeping the system clock running the same on virtual servers as on physical servers, so I suspect we might have similar problems if we had physical app servers and virtual Zimbra servers. Is there some way to relax the 5 minute time window for the preauth token? Or is there some other way to do preauth with Zimbra that won't break if the system clocks on the various systems drift out of sync?

  2. #2
    Join Date
    Feb 2006
    Posts
    92
    Rep Power
    9

    Default

    I think you are working the wrong side of the problem.
    Patricio Bruna
    http://www.itlinux.cl

  3. #3
    Join Date
    Sep 2008
    Location
    Latvia
    Posts
    165
    Rep Power
    7

    Default

    I would check expiration settings, which you provide by preauth token and methods of generating token timestamp in your web applications.

    Yes, there can be a time fluctuations on virtual systems, but not so big, as in your mentioned log file, if you deal with these issues using timeservers. You can correct time frequently.

    The other way is to use Zimbra LDAP for user authentication from external web app. There are some issues concerning new user registration and password sync between systems, but that is another discussion.

  4. #4
    Join Date
    Oct 2005
    Location
    Emeryville, CA US
    Posts
    22
    Rep Power
    10

    Default

    We're working on solving the system clock issues on the VM host side, but I was just curious if there were any other simple solutions on the Zimbra/preauth side. Thanks for your replies.

Similar Threads

  1. Preauth and REST in one request?
    By brharp in forum Developers
    Replies: 1
    Last Post: 12-09-2009, 07:06 AM
  2. Preauth into simple client
    By Jakob Simon-Gaarde in forum Developers
    Replies: 1
    Last Post: 04-15-2008, 01:09 PM
  3. [SOLVED] Another PHP Preauth example
    By riogd in forum Developers
    Replies: 0
    Last Post: 02-22-2008, 05:48 PM
  4. Preauth documentation improvements
    By riogd in forum Developers
    Replies: 0
    Last Post: 02-22-2008, 05:10 PM
  5. Bug with preauth mechanism and SOAP headers?
    By Coilcore in forum Developers
    Replies: 3
    Last Post: 07-20-2006, 11:41 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •