On Thu, Feb 22, 2007 at 10:07:51PM +0000, Matt Bernstein wrote:
> At 16:00 -0500 Ken Murchison wrote:
>
> >I still don't understand why the allow-plaintext-for-sync_client
> >patch is needed. Doesn't 'sync_server -p2' accomplish the same
> >thing?
>
> I was bitten by this today, and saw you mention this in another
> thread. I don't know why, but although '-p2' made synctest work,
> sync_client still seemed to insist on STARTTLS. Making a dummy
> server cert "solved" the problem for me, but I'd rather use
> DIGEST-MD5 auth and spare my CPU cycles for the sync processes.
>
> Hope that's useful, sorry it wasn't any more scientific

Yeah, that sounds somewhat familiar. I remember getting really
frustrated at it when I was first testing. Along the lines of
"dammit, just let me tell you what I want or at least give me a
meaningful error message" and decided that the level of trust that
the sync process demanded for its connection wasn't really sane
given that all our servers have both-direction sync and the password
for all of them is "syncpasswd" or something similarly exciting.

If someone can get on that network there's enough other unprotected
traffic flying around that the sync_client password is going to be
the least of our worries.

Bron.
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html