Re: Make cyradm use plain+tls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On May 2, 2006, at 3:24 PM, Perry Brown wrote:

I log into imtest:

/opt/mail/cyrus-imapd/bin/imtest -t "" -p imap -u cyrus -a cyrus -m  plain

Run
C: XFER user.vbperry server2.sub2.domain.com

and get
C: NO Server(s) unavailable to complete operation



Am I using the right auth mode? should the imtest connect or xfer command be formatted differently? I looking in the archives and could not locate the thread you mentioned, was that on list?

No, our discussion was off list.

What does syslog say (on both servers)?

We have cyrus logging to local6 so I'll assume that is what you are interested in.

On source server:
May 2 13:11:42 server1 imap[5927]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication May 2 13:11:46 server1 imap[5927]: login: localhost.localdomain [127.0.0.1] cyrimap PLAIN+TLS User logged in May 2 13:12:12 server1 imap[5927]: couldn't authenticate to backend server: generic failure May 2 13:12:12 server1 imap[5927]: Could not move mailbox: user.vbperry, Initial backend connect failed

On Destination server:
May 2 13:12:12 server2 master[6574]: about to exec /opt/mail/cyrus-imapd/bin/imapd
May  2 13:12:12 server2 imap[6574]: executed




Can you log in with imtest to the 2nd server?

Yes

server1.sub1% /opt/mail/cyrus-imapd/bin/imtest -t "" -p imap -u cyrus -a cyrus -m plain server2.sub2
S: * OK server2.sub2.domain.com Cyrus IMAP4 v2.2.8 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
Please enter your password:   <<enter passwd for cyrus account
C: A01 AUTHENTICATE PLAIN Y3lyaW1hcABjeXJpbWFwAGpTdXZTMTFz
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256


Do you allow other SASL mechanisms? I think what we tried with Richard may have only worked since PLAIN is the only mechanism his 2nd server offered.

What other mechanism does your secondary server offer? it should be part of the CAPABILITY response when imtest logs in.


It's offering
AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5


Should the connect use plain since it is the first available? How can I disbale the other AUTH mechanisms?


Thank you
Perry


----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux