Maybe you need to upgrade the mupdate master to 2.3.16 first? Andy On Thu, 7 Oct 2010, Michael D. Sofka wrote: > Additional information. Recall that: > >> I am in the process of upgrading our cyrus aggregation from 2.2.12 to >> 2.3.16. I have installed cyrus 2.3.16 on a new back-end server, and it >> appears fine. I can create accounts on the server, read email from >> them, etc. >> >> Now I am attempting to place the new back-end server into our >> aggregation so I can begin migrating accounts off the current back-end >> server. It appears the new back-end is not able to authenticate to the >> mupdate server. > > On the existing 2.2.12 back-end server I can run: > > mupdatetest -v -p 3905 -a g_murder imap-fe1.server.rpi.edu > > And, it connects, and logs onto the front-end server. If I run: > > mupdatetest -v -t '' -p 3905 -a g_murder imap-fe1.server.rpi.edu > > It does the same with TLS. > > > Trying this on the 2.3.16 server, built from Simon Matter's source RPM > on a RE5 server I get: > > Hacker[901]:mupdatetest -v -p 3905 -a g_murder imap-fe1.server.rpi.edu > S: * AUTH "LOGIN" "PLAIN" > S: * STARTTLS > S: * PARTIAL-UPDATE > S: * OK MUPDATE "imap-fe1.server.rpi.edu" "Cyrus Murder" > "v2.2.12-Invoca-RPM-2.2.12-20" "(master)" > Authentication failed. no mechanism available > Security strength factor: 0 > > Note "no mechanisms available." But, I can run the AUTHENTICATE > command with either the PLAIN or LOGIN options, I can authenticate just > fine. Same with the -t '' option, except it goes through TLS first. > > > Running: > > ctl_mboxlist -cw > > returns: > > couldn't connect to mupdate server > > And syslog reports: > > Oct 7 16:23:56 imap-be4 ctl_mboxlist[916]: starttls: TLSv1 with cipher > AES256-SHA (256/256 bits new client) no authentication > Oct 7 16:23:56 imap-be4 ctl_mboxlist[916]: couldn't authenticate to > backend server: no mechanism available > Oct 7 16:23:56 imap-be4 ctl_mboxlist[916]: mupdate_connect failed: > SASL(-4): no mechanism available: No worthy mechs found > > > "No worthy mechs found" This seems to be saying that ctl_mboxlist > doesn't like PLAIN or LOGIN. If so, then what does it want? > > > For incoming connections, there appears to be a similar problem. When I > attempt an xfer from the 2.2.12 back-end to the 2.3.16 back-end the > transfer fails with the message: > > xfermailbox: Server(s) unavailable to complete operation > > and the 2.3.16 syslog reports: > > Oct 7 16:27:33 imap-be4 imap[830]: accepted connection > Oct 7 16:27:33 imap-be4 master[942]: about to exec > /usr/lib/cyrus-imapd/imapd > Oct 7 16:27:33 imap-be4 imap[942]: executed > Oct 7 16:27:33 imap-be4 imap[830]: skiplist: checkpointed > /var/lib/imap/tls_sessions.db (6 records, 1240 bytes) in 0 seconds > Oct 7 16:27:33 imap-be4 imap[830]: imapd:Loading hard-coded DH parameters > Oct 7 16:27:33 imap-be4 imap[830]: SSL_accept() incomplete -> wait > Oct 7 16:27:33 imap-be4 imap[830]: SSL_accept() succeeded -> done > Oct 7 16:27:33 imap-be4 imap[830]: starttls: TLSv1 with cipher > DHE-RSA-AES256-SHA (256/256 bits new) no authentication > > > I've configured saslauthd to use PAM, and PAM to use pam_unix.so. And, > as noted, authentication does work. > > Mike > > -- > Michael D. Sofka sofkam@xxxxxxx > C&MT Sr. Systems Programmer, Email, HPC, TeX, Epistemology > Rensselaer Polytechnic Institute, Troy, NY. http://www.rpi.edu/~sofkam/ > ---- > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > > ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
