Make cyradm use plain+tls
vbperry at hotmail.com
Tue May 2 15:24:22 EDT 2006
Thank you for the suggestions. I'd love to get this working without the
extra dependency of stunnel. Following on Patrick's suggestion I modified
admins: cyrus support
tls_cert_file: /local/imap/server1.sub1.domain.com.pem (on the dest host
this is set to server2.sub2.domain.com.pem)
tls_key_file: /local/imap/server1.sub1.domain.com.pem (changed like above.)
I log into imtest:
/opt/mail/cyrus-imapd/bin/imtest -t "" -p imap -u cyrus -a cyrus -m plain
C: XFER user.vbperry server2.sub2.domain.com
C: NO Server(s) unavailable to complete operation
Am I using the right auth mode? Should the imtest connect or xfer command be
formatted differently? I looked in the archives and could not locate the
thread you mentioned, was that on list?
Thanks for the help.
>Ken, Richard Gilbert and I had a discussion about this last week (which I'll
>try to summarize).
>Here is an alternative to the stunnel stuff.
>1. Use imtest to issue XFER command (c: XFER user.phr2101test bacon)
>you may need to
>2. Remove 'force_sasl_client_mech: plain login' from the file. This line
>will prevent plain+tls from happening correctly between backends when
>issuing XFER from imtest (my understanding is that the mech list is checked
>prior to the STARTTLS, and since PLAIN isn't advertised until afterwards,
>Cyrus thinks the mechanism isn't available. Removing this option prevents
>the mech list from being checked.. or something).
>On Mon, 1 May 2006, Perry Brown wrote:
>>From a thread last month some fine folks on this list suggested I set
>>tls for plain so that I could do an xfer of mailboxes from one host to
>>I got that set up and I am able to do an imtest from one host to the other
>>one and it gets authenticated with plain+tls.
>>My problem now happens when going back to cyradm to do the xfer. When I
>>log into the source host I'm authenticated with plain and when I run the
>>xfer command it tries to connect to the destination server as plain.
>>How can I force cyradm to connect with plain+tls? Or possibly some work
>>around using Cyrus::IMAP::Shell
>>I looked at just about every news group and website and a couple of them
>>mentioned it's not possible to force tls in cyradm but the date on those
>>sites were from a few years ago and my hope is something has changed in
>>Here is imapd.conf:
>>admins: cyrus support
>>force_sasl_client_mech: plain login