Blake Hudson wrote: > -------- Original Message -------- > Subject: Re: 'PLAIN encryption needed to use mechanism' error > From: Dan White <dwhite@xxxxxxx> > To: Blake Hudson <blake@xxxxxxxx> > Cc: info-cyrus@xxxxxxxxxxxxxxxxxxxx > Date: Wednesday, July 29, 2009 3:20:08 AM > > ------------ NO SSL ------------ > root@twinp src]# pop3test -m PLAIN -a xxx mail.xxx.com > S: +OK twinP Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready > <12408582082392233762.1248855924@twinP> > C: CAPA > S: +OK List of capabilities follows > S: SASL DIGEST-MD5 CRAM-MD5 > S: STLS > S: EXPIRE NEVER > S: LOGIN-DELAY 0 > S: TOP > S: UIDL > S: PIPELINING > S: RESP-CODES > S: AUTH-RESP-CODE > S: USER > S: IMPLEMENTATION Cyrus POP3 server v2.3.7-Invoca-RPM-2.3.7-2.el5 > S: . > Please enter your password: > C: AUTH PLAIN xxxuc3Rlc3QAdGVzdDEyMw== > S: -ERR [AUTH] authenticating: encryption needed to use mechanism > Authentication failed. generic failure > Security strength factor: 0 > quit > +OK > Connection closed. > ------------ SSL ------------ > [root@twinp src]# pop3test -s -m PLAIN -a xxxmail.xxx.com > verify error:num=18:self signed certificate > TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits) > S: +OK twinP Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready > <832124781731685216.1248855943@twinP> > C: CAPA > S: +OK List of capabilities follows > S: SASL DIGEST-MD5 LOGIN PLAIN CRAM-MD5 > S: EXPIRE NEVER > S: LOGIN-DELAY 0 > S: TOP > S: UIDL > S: PIPELINING > S: RESP-CODES > S: AUTH-RESP-CODE > S: USER > S: IMPLEMENTATION Cyrus POP3 server v2.3.7-Invoca-RPM-2.3.7-2.el5 > S: . > Please enter your password: > C: AUTH PLAIN xxxuc3Rlc3QAdGVzdDEyMw== > S: +OK Mailbox locked and ready > Authenticated. > Security strength factor: 256 > quit > +OK > Connection closed. > ------------------------- > > > It sure seems like pop is picking up on different sasl security settings > (such as the sasl_minimum_layer or the noplaintextwithouttls option). > However, IMAP seems to obey these just fine as configured with the same > config file. > > Agreed. A possible work around until you figure out the issue would be to add '-p 256' within cyrus.conf, for your pop3 entry (see man pop3d). That would emulate a sasl security layer of 256 bits, and would be treated as if you had connected via SSL when you hadn't. - Dan ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
