On Thu, Jul 06, 2006 at 04:38:24PM -0400, Patrick Radtke wrote: > I haven't tried it with 2.3.6, but PLAIN should work. The result seems to be the same as with MD5: ordinary user connections work fine, but admin stuff that goes through to the backends fails. PLAIN would not work at all until I enabled TLS. > I would suggest starting with > sasl_mech_list: PLAIN > > in all your imapd.conf files (make sure it says only PLAIN). > > and make sure there is no > force_sasl_client_mech > lines anywhere. > > Then make sure you can use imtest (with -m PLAIN and -t "" (for > tls)) to connect to backends, and then see if the backends will > communicate correctly. Similar results: here, frontend is the proxy authentication ID and fred@xxxxxxxx is an ordinary user. ms1.srv.tile is a backend store: imtest -t '' -m plain -u fred@xxxxxxxx -a frontend ms1.srv.tile Gave the password for 'frontend'. Connects OK, the backend logs that fred@xxxxxxxx has logged in, and an IMAP LIST command shows fred's mailboxes. imtest -t '' -m plain -u admin -a frontend ms1.srv.tile Gave the password for 'frontend'. Connects and logs in OK. Backend logs that admin has logged in, but IMAP LIST does not show anything. imtest -t '' -m plain -u admin -a admin ms1.srv.tile Gave the password for 'admin'. Connects OK, backend logs that admin has logged in, and IMAP LIST shows all mailboxes on the server. So it looks as if the backend will not accept proxied admin accounts. I am still stuck! Andrew -- ----------------------------------------------------------------------- | From Andrew Findlay, Skills 1st Ltd | | Consultant in large-scale systems, networks, and directory services | | http://www.skills-1st.co.uk/ +44 1628 782565 | ----------------------------------------------------------------------- ---- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html