SASL minimum layer used to work at 256, but now requires 1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I recently upgraded a CentOS 7 Cyrus 2.4.17 system with Murder and Kerberos and ran into lots of issues with the new packages. What's really puzzling though is although I used to be able to use a SASL minimum layer of 256 (I'm using TLS with GSSAPI for auth), I now must use 1 for the front-ends and backends communicating to the mupdate server. I've run into SASL package issues before (2.1.23 to 2.1.26 was a mess) and had to actually revert to an older version so I'm thinking that might be the problem. However, when I use mupdatetest and imtest, everything works perfectly. It's only when I fire up the daemons themselves that I see:

Jun  1 23:53:21 imap mupdate[19865]: couldn't authenticate to backend server: mechanism too weak for this user
Jun  1 23:53:21 imap mupdate[19865]: mupdate_connect failed: no auth status
Jun  1 23:53:21 imap mupdate[19865]: couldn't connect to mupdate server
Jun  1 23:53:21 imap mupdate[19865]: retrying connection to mupdate server in 27 seconds

If I grab a ticket and mupdatetest -m GSSAPI -t '' mupdate.test.net with a 256 min layer, I get in perfectly. So perhaps it's a change/new config issue in cyrus-imap this time around?

I'm using cyrus-imapd-2.4.17-13 and cyrus-sasl-2.1.26-23 versions of the various package sets.

Steve
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux