Hi Andrew, Am Freitag, den 21.02.2014, 11:21 -0800 schrieb Andrew Morgan: > On Fri, 21 Feb 2014, Marcus Schopen wrote: > > > Hi, > > > > Am Freitag, den 21.02.2014, 17:23 +0100 schrieb Willy Offermans: > > [...] > >> > >> > >> I can answer my own question. I was indeed missing the authentication > >> mechanism. I added <sasl_mech_list: PLAIN LOGIN> to imapd.conf on the > >> back-end server and the replication worked. > >> > >> So I wonder how I can tell sync_client which authentication mechanism to > >> use? It seems like a feature request to me? or a hidden option to the > >> sync_client executable. > > > > That's an interesting question. I had a similar problem this week to > > force master and slave to sync via TLS. As long as the banner on slave > > side offered "DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN" to connection plain. > > I set "allowplaintext: no" and "sasl_mech_list: PLAIN" on slave and now > > both are talking PLAIN via TLS. So if there is an option on master side > > to force to login using eg. CRAM-MD5 then there might be an option too > > to force TLS. > > > >> I'm playing with replication now and testing what happens if one deletes > >> e-mails on the back-end server and not on the client. Will these mails be > >> restored on the back-end by replication and when? > > > > Don't understand, what is the client, the replica server? > > Have you looked at the sasl_minimum_layer option? > > sasl_minimum_layer: 0 > The minimum SSF that the server will allow a client to > negotiate. A value of 1 requires integrity protection; any > higher value requires some amount of encryption. > > > Andy Many thanks for your response. Yes, I've tried sasl_minimum_layer with values from 1 up to 100. But even then the master doesn't start a TLS connection to the replica. Hmm .... Cheers from Germany Marcus ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
