Thu Jan 24 17:39:13 PST 2002 — We have identified the root cause of the authentication failures after a lot of head scratching and bug crushing. As it turned out the problem was not where we were focusing our attention, the RADIUS authentication servers, or cucipop, the POP3 server software, but the underlying NIS libraries on our administrative server where the POP3 servers were being compiled. As it turns out the unthinkable was occurring: getpwnam() was not returning the correct struct to cucipop and hence the RADIUS server was receiving the wrong username with the right password. Compiling cucipop on a mail server resolved the bug and fixed all of the failures. Special kudos to Nathan for his diligence in tracking this problem down to it’s end! Before identifying that it was a core system library problem we replaced ypbind and ypserv, the NIS processes which resolve usernames on our servers, with new versions. Although it didn’t resolve the problems it turned out to be a good upgrade anyway since the new versions appear to perform better than the old. We made numerous other bug fixes and upgrades to cucipop and our RADIUS authentication library as well, including the use of proper serialized sequence numbers.
There are public stats available in Cricket at www.sonic.net/stats which show the dramatic drop in errors on the POP3 server. (Servers -> Mail -> ‘Mail Server Aggregate’ Errors)
-Kelsey, Nathan, Russ, Matt and Scott