sasl-mech weirdness and unified murder
Janne Peltonen
janne.peltonen at helsinki.fi
Wed Mar 7 08:16:28 EST 2007
Hi!
If I have on the 'remote' backend a line such as
sasl_mech_list: DIGEST-MD5, PLAIN, LOGIN
in /etc/imapd.conf, all proxy operations fail with a message such as:
Server(s) unavailable to complete operation
and in the 'frontend' log:
Mar 7 15:08:04 m2cn1t imap[21585]: Doing a peer verify
Mar 7 15:08:04 m2cn1t imap[21585]: Doing a peer verify
Mar 7 15:08:04 m2cn1t imap[21585]: received server certificate
Mar 7 15:08:04 m2cn1t imap[21585]: starttls: TLSv1 with cipher
AES256-SHA (256/256 bits new) no authenti
cation
Mar 7 15:08:04 m2cn1t imap[21585]: couldn't authenticate to backend
server: no mechanism available
and in the 'backend' log:
Mar 7 15:08:04 m2cn2t imap[31010]: executed
Mar 7 15:08:04 m2cn2t imap[27757]: starttls: TLSv1 with cipher
AES256-SHA (256/256 bits new) no authenti
cation
However, if I have a line such as
sasl_mech_list: DIGEST-MD5
everything works perfectly, there's nothing special in the frontend log,
in the backend log:
Mar 7 15:09:20 m2cn2t imap[341]: executed
Mar 7 15:09:21 m2cn2t imap[336]: login: m2cn1t.mappi.helsinki.fi
[128.214.205.51] cyrus DIGEST-MD5 User logged in
What is going on? It even appears that plain text logins to the
'frontend' /do/ work, even while they aren't mentioned anywhere in the
config file.
--Janne
--
Janne Peltonen <janne.peltonen at helsinki.fi>
More information about the Info-cyrus
mailing list