On Thu, 14 May 2009, Duncan Gibb wrote:

> Andrew Morgan wrote:
>
> AM> Does the mupdate process in a Cyrus murder actually use TLS?
>
> AM> And.... after a lot of digging I see that this is a known bug:
>
> AM> https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3119
>
> AM> Never mind! This sounds like a very complicated problem
>
> Not particularly - it's quite a small patch which goes onto 2.3.14 and
> current CVS HEAD cleanly. If there's any extra work required for it to
> be applied upstream, I'm happy to do that.

Well I'm a little scared to break things on my production cyrus site. I don't particularly need this feature, but it was on my checklist of things for a long time. I'm happy to wait until this code is included in a regular release.

> AM> so I'll just stay away from TLS for mupdate. Although I don't
> AM> understand why mupdate isn't having problems for me right now,
> AM> since mupdate seems to be advertising STARTTLS in the
> AM> capability string.
>
> If your config allows the Mupdate server to advertise a usable SASL mech
> without doing a "STARTTLS", then backend_authenticate() won't bother.

Ah, that explains it. I have allowplaintext: 1 at the moment. I'll make a note of this though.

Thanks for your explanation!

Andy

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html