On Mon, Jul 11, 2011 at 12:57:34PM +0300, Ivan Lezhnjov Jr. wrote:
> This is a follow-up.
>
> I tried synctest and it basically pointed at the same issue.
>
> [root@imapsite-replica scripts]# synctest -a cyrusadmin -u cyrusadmin
> -t "" master
> S: * SASL PLAIN
> S: * STARTTLS
> S: * COMPRESS DEFLATE
> S: * OK imapsite-master Cyrus sync server v2.4.10-Kolab-2.4.10-1
> C: STARTTLS
> S: OK Begin TLS negotiation now
> verify error:num=18:self signed certificate
>
> I can login if I omit -t "". So, I tried to disable TLS by commenting
> out tls_* lines in imapd.conf of both hosts and starting the
> cyrus-imap to serve only imap service (disabled imaps, pop, etc.)
>
> Now, with this TLS-less configuration B switched to master outputs to logs:
>
> Jul 11 12:51:09 imapsite-replica sync_client[1444]: couldn't
> authenticate to backend server: no mechanism available
> Jul 11 12:52:39 imapsite-replica last message repeated 2 times
>
> and A switched to replica outputs the following:
> Jul 11 12:51:09 imapsite-master syncserver[18209]: accepted connection
> Jul 11 12:51:09 imapsite-master syncserver[18209]: cmdloop(): startup
> Jul 11 12:51:39 imapsite-master syncserver[18209]: accepted connection
> Jul 11 12:51:39 imapsite-master syncserver[18209]: cmdloop(): startup
> Jul 11 12:52:39 imapsite-master syncserver[18209]: accepted connection
> Jul 11 12:52:39 imapsite-master syncserver[18209]: cmdloop(): startup
>
> Replication doesn't succeed, obviously.

Our "sync server block" looks like this:

    sync_server [% CONF %] -p 1

(template toolkit magic for the configuration file paths)

The -p 1 is this:

    -p ssf
        Tell sync_server that an external layer exists. An SSF
        (security strength factor) of 1 means an integrity protection
        layer exists. Any higher SSF implies some form of privacy
        protection.

So -p 1 allows plaintext authentication to succeed without TLS.

Bron.
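
An added example, not part of the original message or the Cyrus project's own files: a cyrus.conf SERVICES entry using the `-p 1` option described above. `-p 1` only tells sync_server that an external protection layer exists, so this sketch binds the listener to an address that is reachable only over such a layer. The config path and the 192.0.2.10 address are assumptions.

```conf
# cyrus.conf on the replica (the host that runs sync_server)
SERVICES {
  # -p 1: declare an external layer with SSF 1 (integrity protection).
  # With this set, plaintext authentication succeeds without STARTTLS.
  # sync_server does not check that the layer is real, so listen only
  # on an interface where it is (private replication link, VPN, tunnel).
  #
  # Assumed values: /path/to/imapd.conf stands in for the expanded
  # [% CONF %] template; 192.0.2.10 is a constructed documentation address.
  syncserver  cmd="sync_server -C /path/to/imapd.conf -p 1" listen="192.0.2.10:csync"
}
```

With this entry, the credentials sync_client sends cross the wire in cleartext, so the listener address is what carries the protection.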