Make cyradm use plain+tls

Patrick H Radtke phr2101 at columbia.edu
Mon May 1 21:21:41 EDT 2006 

Ken, Richard Gilbert and I had a discusion about this last week (which 
I'll try to summarize).

Here is an alternative to the stunnel stuff.

1. Use imtest to issue XFER command (c: XFER user.phr2101test bacon)
you may need to
2. Remove 'force_sasl_client_mech: plain login' from the file. This line 
will prevent plain+tls from happening correctly between backends when 
issuing XFER from 
imtest (my understanding is that the mech list is checked prior to the 
STARTTLS, and since PLAIN isn't advertised until afterwards, Cyrus thinks 
the mechanism isn't available. Removing this option prevents the mech 
list from being checked.. or something).

-PAtrick



On Mon, 1 May 2006, Perry Brown wrote:

>> From a thread last month some fine folks on this listed suggested I set up 
> tls for plain so that I could do an xfer of mailboxes from one host to 
> another.
>
> I got that set up and I am able to do an imtest from one host to the other 
> one and it gets authenticated with plain+tls.
>
> My problem now happens when going back to cyradm to do the xfer. When I log 
> into the source host I'm authenticated with plain and when I run the xfer 
> command it tries to connnect to the destination server as plain.
>
> How can I force cyradm to connect with plain+tls? Or possibly some work 
> around using Cyrus::IMAP::Shell
>
> I looked at just about every news group and website and a couple of them 
> mentioned it's not possible to force tls in cyradm but the date on those 
> sites where from a few years ago and my hope is something has changed in the 
> interum.
>
> Here is imapd.conf:
> defaultpartition: imap1
> configdirectory: /var/imap
> partition-imap1: /var/spool/imap1
> admins: cyrus support
> srvtab: /var/imap/srvtab
> quotawarn: 85
> popminpoll: 0
> autocreatequota: 30000
> sasl_pwcheck_method: saslauthd
> lmtp_over_quota_perm_failure: 1
> allowusermoves: yes
> proxy_authname: cyrus
> proxy_password: password
> force_sasl_client_mech: plain login
> tls_cert_file: /local/imap/server1.sub1.domain.com.pem
> tls_key_file: /local/imap/server1.sub1.domain.com.pem
>
> Thank you
> Perry
>
>
> ----
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>

More information about the Info-cyrus mailing list