We have physical Zimbra servers, but we are trying to virtualize our application servers. Our app servers host our Web site, which we integrate with Zimbra via the preauth mechanism. Unfortunately, in our tests we're seeing intermittent problems with preauth failing for users on our virtual app servers. We see statements like this in our mailbox.log files on our Zimbra servers (some info redacted):
authentication failed for user-AT-domain.com, preauth timestamp is too old, server time: Mon Sep 27 14:20:49 PDT 2010, preauth timestamp: Mon Sep 27 14:26:01 PDT 2010
There are basic issues with keeping the system clock running the same on virtual servers as on physical servers, so I suspect we might have similar problems if we had physical app servers and virtual Zimbra servers. Is there some way to relax the 5 minute time window for the preauth token? Or is there some other way to do preauth with Zimbra that won't break if the system clocks on the various systems drift out of sync?
preauth too old when using virtualization?
preauth too old when using virtualization?
I think you are working the wrong side of the problem.
-
- Advanced member
- Posts: 187
- Joined: Fri Sep 12, 2014 11:45 pm
- ZCS/ZD Version: Release 8.6.0.GA.1153.UBUNTU12.64 U
preauth too old when using virtualization?
I would check expiration settings, which you provide by preauth token and methods of generating token timestamp in your web applications.
Yes, there can be a time fluctuations on virtual systems, but not so big, as in your mentioned log file, if you deal with these issues using timeservers. You can correct time frequently.
The other way is to use Zimbra LDAP for user authentication from external web app. There are some issues concerning new user registration and password sync between systems, but that is another discussion.
Yes, there can be a time fluctuations on virtual systems, but not so big, as in your mentioned log file, if you deal with these issues using timeservers. You can correct time frequently.
The other way is to use Zimbra LDAP for user authentication from external web app. There are some issues concerning new user registration and password sync between systems, but that is another discussion.
preauth too old when using virtualization?
We're working on solving the system clock issues on the VM host side, but I was just curious if there were any other simple solutions on the Zimbra/preauth side. Thanks for your replies.