replication : Authentication failed. no mechanism available
Patrice
gopat at nicematin.fr
Thu Dec 15 07:26:06 EST 2005
I did that:
openssl req -new -nodes -out server.csr -keyout server.key
openssl x509 -in server.csr -out server.crt -req -signkey server.key
-days 9999 (as it is only a test server I have self signed my
certificate)
cat server.key server.crt > server.pem
chmod 600 server.pem
chown cyrus server.pem
moved the file into /cyrus-imap/etc/ssl
and in my imapd.conf:
tls_cipher_list: TLSv1 :SSLv3 :SSLv2 : !DES : !LOW :@STRENGTH
tls_ca_file: /cyrus-imap/etc/ssl/server.pem
tls_cert_file: /cyrus-imap/etc/ssl/server.pem
tls_key_file: /cyrus-imap/etc/ssl/server.pem
I have tested the replication and it works well !
Simon Matter wrote:
>>I have created my self signed certificate and now it works !!
>>
>>
>
>Where did you put and how did you specify the self signed certificate?
>
>Thanks,
>Simon
>
>
>
>>synctest -u cyrus -a cyrus -m PLAIN -t "" mailsrv
>>
>>S: * STARTTLS
>>S: * OK mailsrv Cyrus sync server v2.3.0
>>C: STARTTLS
>>S: OK Begin TLS negotiation now
>>verify error:num=18:self signed certificate
>>TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
>>S: * SASL PLAIN
>>S: * OK mailsrv Cyrus sync server v2.3.0
>>Please enter your password:
>>C: AUTHENTICATE PLAIN Y3lydYMAY3LydXMBZ3Q0M2RpMTM=
>>S: OK Success (tls protection)
>>Authenticated.
>>Security strength factor: 256
>>
>>
>>now I will try to validate the replication with cyrus.
>>
>>Thank you very much for your great help !!
>>
>>Patrice
>>
>>Patrick H Radtke wrote:
>>
>>
>>
>>>Looking a bit more at this:
>>>
>>>Our sync server does advertise the correct mechanism
>>>
>>>synctest -m PLAIN -t "" alpenwurst2
>>>S: * SASL GSSAPI
>>>S: * STARTTLS
>>>S: * OK alpenwurst2.cc.columbia.edu Cyrus sync server v2.3-alpha
>>>C: STARTTLS
>>>S: OK Begin TLS negotiation now
>>>verify error:num=19:self signed certificate in certificate chain
>>>TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
>>>S: * SASL PLAIN GSSAPI
>>>S: * OK alpenwurst2.cc.columbia.edu Cyrus sync server v2.3-alpha
>>>Please enter your password:
>>>
>>>My quick guess is your only mechanism is PLAIN and since you didn't
>>>specify -t "" to do a TLS connection, PLAIN is not being advertised.
>>>That leaves you with no mechanisms left and just the error.
>>>
>>>Try the '-t ""' and maybe a '-m PLAIN' and let me know how it goes.
>>>
>>>-Patrick
>>>
>>>
>>>
>>>
>>>On Wed, 14 Dec 2005, Patrice wrote:
>>>
>>>
>>>
>>>>Hi,
>>>>
>>>>I try to install the the new version of cyrus-imap to use the
>>>>replication.
>>>>
>>>>but I can't authenticate on my replica server:
>>>>
>>>>here is the error in the log:
>>>>
>>>>sync_client[26757]: couldn't authenticate to backend server: no
>>>>mechanism available
>>>>
>>>>
>>>>here is the result of the synctest:
>>>>
>>>>S: * OK mailsrv Cyrus sync server v2.3.0
>>>>Authentication failed. no mechanism available
>>>>Security strength factor: 0
>>>>
>>>>
>>>>it seems the auth mechs are not advertised
>>>>
>>>>I use saslauthd for my imap+pop auth and it works fine.
>>>>
>>>>there should be a special option for the advertising of mechs but I
>>>>haven't found the option
>>>>
>>>>
>>>>Help would be appreciated
>>>>
>>>>thanks in advance
>>>>
>>>>Patrice
>>>>
>>>>
>>>>
>>>>----
>>>>Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>>>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>>>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>----
>>Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>
>>
>>
>
>
>
>
More information about the Info-cyrus
mailing list