sync_client fails with GSSAPI error 'unknown mech-code 0 for mech unknown'

Dan White dwhite at olp.net
Wed Jun 5 10:09:09 EDT 2013


On 06/05/13 10:13 +0100, Karl Pielorz wrote:
>
>
>--On 04 June 2013 11:49 -0500 Dan White <dwhite at olp.net> wrote:
>
>>>The replica doesn't appear to log anything - we only use 'simple'
>>>saslpasswd2 authentication on the servers (no LDAP / database
>>>backend) - any suggestions on where to start looking to fix this?
>>
>>Oh, so you don't really want to use gssapi?
>
>We've never used it before - we just set up accounts with 'saslpasswd2 
>-c' - no Kerberos, LDAP or anything.
>
>>On your sync server (replica), you can restrict which sasl mechanisms are
>>offered.
>>
>>Assuming that you have named your sync server 'syncserver' in your
>>/etc/cyrus.conf, configure /etc/imapd.conf with:
>
>I have to 'name' my sync server, in cyrus.conf? - how?
>
>In the end I resolved this by simply making sure 'sasl_mech_list' 
>only listed what we use...

You can configure sasl_mech_list per service.

Within your /etc/cyrus.conf, you may have something like:

     imap             cmd="imapd -U 30 -D" listen="imap" prefork=0
     pop3             cmd="pop3d -U 30" listen="pop3" prefork=0
     syncserver       cmd="/usr/lib/cyrus/bin/sync_server" listen="csync"

within your services section. 'imap', 'pop3', and 'syncserver' are the
names of the services, which can be referenced within /etc/imapd.conf
like this:

syncserver_sasl_mech_list: digest-md5

On the next spawn of that service, libsasl2 will only initialize the
specified mechanisms.

-- 
Dan White
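
An added example, not part of the original message or of Cyrus itself: a small Python checker that resolves which sasl_mech_list applies to each service named in cyrus.conf, so a service left without any list stands out. The file contents are constructed samples, the function names are hypothetical, and the lookup order (per-service option first, then the global one) follows the behaviour described in the message.

```python
import re

# Constructed sample files, modelled on the snippets in the message above.
CYRUS_CONF = """\
SERVICES {
  # name        command and listener
  imap          cmd="imapd -U 30 -D" listen="imap" prefork=0
  pop3          cmd="pop3d -U 30" listen="pop3" prefork=0
  syncserver    cmd="/usr/lib/cyrus/bin/sync_server" listen="csync"
}
"""
IMAPD_CONF = """\
# constructed: global list plus one per-service override
sasl_mech_list: plain login
syncserver_sasl_mech_list: digest-md5
"""

def service_names(cyrus_conf):
    """Names of the entries inside the SERVICES { ... } section."""
    section = re.search(r"SERVICES\s*\{(.*?)\}", cyrus_conf, re.S)
    names = []
    for line in (section.group(1).splitlines() if section else []):
        line = line.strip()
        if line and not line.startswith("#"):
            names.append(line.split()[0])
    return names

def imapd_options(imapd_conf):
    """Parse 'key: value' lines, skipping blanks and comments."""
    opts = {}
    for line in imapd_conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            opts[key.strip()] = value.strip()
    return opts

def effective_mechs(cyrus_conf, imapd_conf):
    """Map service -> (option that applied, mechanisms); None if unrestricted."""
    opts, result = imapd_options(imapd_conf), {}
    for name in service_names(cyrus_conf):
        for key in (f"{name}_sasl_mech_list", "sasl_mech_list"):
            if key in opts:
                result[name] = (key, opts[key].upper().split())
                break
        else:
            result[name] = (None, None)  # no list set for this service
    return result

if __name__ == "__main__":
    for svc, (key, mechs) in effective_mechs(CYRUS_CONF, IMAPD_CONF).items():
        print(f"{svc:12} {key or 'UNRESTRICTED':28} {mechs}")
```

Mechanism names are upper-cased only to make the output easy to compare; a service reported as UNRESTRICTED has neither a per-service nor a global list in imapd.conf.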

