On 03/02/11 11:25 +1030, Stephen Carr wrote:
>Dear All
>
>I have had a problem that sync_client cannot authenticate to the
>replica with a badlogin a few times and now found a workaround.

What does your configuration look like on both systems?

>Version of cyrus-imapd 2.4.6 and sasl 2.1.23
>
>What happened (see parts of log below)
>
>At 10:23 added new user to sasldb2 then there is a delay before the
>badlogin occurs when the sync_client does a RESTART

On which system did you add the user? Did you create the user.AAAAA imap
folder at the same time? Are you using any autocreate patches?

>The fix was to su cyrus and run at 10:53:59
>
>sync_client -o -v -l -u user.AAAAAA
>
>Then all was OK
>
>Note the sync_client has the same process ID 28563 but the syncserver
>process IDs changed from 13636 to 13919 then 13925.
>
>The server is quite busy during this period and I noticed the log file
>in the sync directory growing.
>
>Regards
>Stephen Carr
>
>
>Replica
>
>Feb 3 10:16:45 proxy syncserver[13636]: login:
>brooks.civeng.adelaide.edu.au [129.127.16.1] cyrus DIGEST-MD5 User logged in
>Feb 3 10:26:49 proxy syncserver[13636]: login:
>brooks.civeng.adelaide.edu.au [129.127.16.1] cyrus DIGEST-MD5 User logged in
>Feb 3 10:36:52 proxy syncserver[13636]: login:
>brooks.civeng.adelaide.edu.au [129.127.16.1] cyrus DIGEST-MD5 User logged in
>Feb 3 10:38:37 proxy syncserver[13636]: Repacking mailbox user.aaaa
>Feb 3 10:46:55 proxy syncserver[13636]: badlogin:
>brooks.civeng.adelaide.edu.au [129.127.16.1] DIGEST-MD5 [SASL(-17): One
>time use of a plaintext password will enable requested mechanism for
>user: no secret in database]

I'm not understanding the bigger picture of the problem, but this error is
triggered by:

    if (result < 0 ||
        ((!auxprop_values[0].name || !auxprop_values[0].values) &&
         (!auxprop_values[1].name || !auxprop_values[1].values))) {
        /* We didn't find this username */
        sparams->utils->seterror(sparams->utils->conn, 0,
                                 "no secret in database");
        result = sparams->transition ? SASL_TRANS : SASL_NOUSER;
        goto FreeAllMem;
    }

in plugins/digestmd5.c, where SASL_TRANS produces the 'One time use of
plaintext password...' message.

The error implies you have sasl_auto_transition enabled on the replica, and
that whichever user is being used to authenticate to your syncserver is not
found in your auxprop store (sasldb). Maybe you're using saslauthd on the
replica?

--
Dan White
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
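
Added example, not part of the original thread and not Cyrus or SASL project code: a small Python triage script for replica syslog that maps the SASL result code in syncserver badlogin lines to the two outcomes of the digestmd5.c branch quoted above, and counts successful logins from the same client IP. The sample log lines, host names and IPs are constructed, and the single-line log layout is assumed from the excerpt in the thread.

```python
import re
from collections import Counter

# Result codes from sasl.h. These are the two outcomes of the quoted branch:
#   result = sparams->transition ? SASL_TRANS : SASL_NOUSER;
SASL_CODES = {
    -17: ("SASL_TRANS", "no secret in auxprop store, transition set"),
    -20: ("SASL_NOUSER", "no secret in auxprop store, transition not set"),
}

# Assumed layout: "<ts> <host> syncserver[<pid>]: login|badlogin: <client> [<ip>] <rest>"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"syncserver\[(?P<pid>\d+)\]:\s(?P<kind>login|badlogin):\s"
    r"(?P<client>\S+)\s\[(?P<ip>[^\]]+)\]\s(?P<rest>.*)$"
)
SASL_ERR = re.compile(r"\[SASL\((?P<code>-?\d+)\):\s(?P<msg>.*)\]$")

def triage(lines):
    """Return (failures, successful-login count per client IP)."""
    failures, ok = [], Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a syncserver auth event (e.g. "Repacking mailbox")
        if m["kind"] == "login":
            ok[m["ip"]] += 1
            continue
        # badlogin lines carry the mechanism, then the bracketed SASL error
        mech, _, tail = m["rest"].partition(" ")
        err = SASL_ERR.search(tail)
        code = int(err["code"]) if err else None
        name, cause = SASL_CODES.get(code, ("UNKNOWN", "not classified here"))
        failures.append({"ts": m["ts"], "pid": int(m["pid"]), "ip": m["ip"],
                         "mech": mech, "code": code, "name": name, "cause": cause})
    return failures, ok

# Constructed sample lines (documentation host names and IPs, not from the thread).
SAMPLE = [
    "Feb  3 10:36:52 replica syncserver[4101]: login: master.example.org [192.0.2.10] cyrus DIGEST-MD5 User logged in",
    "Feb  3 10:38:37 replica syncserver[4101]: Repacking mailbox user.test",
    "Feb  3 10:46:55 replica syncserver[4101]: badlogin: master.example.org [192.0.2.10] DIGEST-MD5 [SASL(-17): One time use of a plaintext password will enable requested mechanism for user: no secret in database]",
    "Feb  3 10:47:10 replica syncserver[4102]: badlogin: master.example.org [192.0.2.10] DIGEST-MD5 [SASL(-20): user not found: no secret in database]",
]

if __name__ == "__main__":
    failures, ok = triage(SAMPLE)
    for f in failures:
        print(f"{f['ts']} pid={f['pid']} {f['ip']} {f['mech']} {f['name']}: "
              f"{f['cause']} (successful logins from this IP: {ok[f['ip']]})")
```

A failure classified as SASL_TRANS or SASL_NOUSER from an IP that also has successful logins points at the auxprop lookup on the replica rather than at the credentials sent by sync_client.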