'PLAIN encryption needed to use mechanism' error
Dan White
dwhite at olp.net
Wed Jul 29 03:49:51 EDT 2009
Blake,
What sasl lines do you have in /etc/imapd.conf. Do you have any proxies
installed?
"pop3PRTC" in your syslog looks suspicious...:
Usually, pop3 and imap will offer the same mechanisms based on this
config item:
sasl_mech_list: x x x
if this line is commented out, then sasl should attempt to initialize
all available mechs.
Be on the lookout for customization like this (which overrides the
sasl_mech_list config item):
pop3_mech_list: x x x
imap_mech_list: x x x
- Dan
Blake Hudson wrote:
> Thanks for the reply Scott. I can auth as you described using the
> User/Pass method (allowplaintext: is already set to 1 and I've also
> tried sasl_minimum_layer: 0 at the same time).
>
> My concern is that over port 110 the server is only advertising CRAM-MD5
> and DIGEST-MD5. POP3s appears to be advertising PLAIN. Why isn't PLAIN
> advertised over both?
>
> --Blake
>
> -------- Original Message --------
> Subject: Re: 'PLAIN encryption needed to use mechanism' error
> From: Scott M. Likens <damm at yazzy.org>
> To: Blake Hudson <blake at ispn.net>
> Cc: info-cyrus at lists.andrew.cmu.edu
> Date: Wednesday, July 29, 2009 1:30:46 AM
>
>> Hi Blake,
>>
>> Actually pop3 by default should be using plain, like
>>
>> damm at desolation> telnet localhost
>> pop3
>> ~
>> Trying 127.0.0.1...
>> Connected to localhost.
>> Escape character is '^]'.
>> +OK desolation Cyrus POP3 v2.3.14 server ready
>> <8505169291665378509.1248848742 at desolation>
>> user root
>> +OK Name is a valid mailbox
>> pass toor
>> +OK Mailbox locked and ready
>>
>> However, if you man imapd.conf you will notice there is such an option
>> as,
>>
>> allowplaintext: 0
>>
>> You may need to change that to 1, in order for plaintext ala pop3 to
>> work.
>>
>> Scott
>>
>> On Jul 28, 2009, at 10:44 PM, Blake Hudson wrote:
>>
>>
>>> -------- Original Message --------
>>> Subject: 'PLAIN encryption needed to use mechanism' error
>>> From: Blake Hudson <blake at ispn.net>
>>> To: info-cyrus at lists.andrew.cmu.edu
>>> Date: Wednesday, July 29, 2009 12:13:52 AM
>>>
>>>> I recently setup a new server and everything tested well. However, once
>>>> in production I am seeing errors like the following:
>>>>
>>>> pop3PRTC[20896]: badlogin: [204.x.x.x] PLAIN encryption needed to use
>>>> mechanism
>>>>
>>>>
>>>> I wasn't aware that POP utilized other mechanisms? I can login just
>>>> fine
>>>> with telnet and tbird, and cannot replicate this error myself. Any
>>>> ideas?
>>>>
>>>> --Blake
>>>>
>>>>
>>> Looks like the POP side is not advertising LOGIN/PLAIN auth types while
>>> the imap side is. Is this the intended behavior?
>>>
>>> In my imapd.conf i have the following mech list defined:
>>> sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
>>>
>>> ---------------------- POP3----------------------
>>> +OK twinP Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready
>>> <173180331313918
>>> 17429.1248845988 at twinP>
>>> auth
>>> +OK List of supported mechanisms follows
>>> DIGEST-MD5
>>> CRAM-MD5
>>> ..
>>> --------------------------------------------
>>> ----------------------IMAP----------------------
>>>
>>> * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=DIGEST-MD5
>>> AUTH=LOGIN
>>> AUTH=PLAIN AUTH=CRAM-MD5 SASL-IR] twinP Cyrus IMAP4
>>> v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready
>>>
>>> --------------------------------------------
>>>
>>> I suppose this is likely a bad client that is not refreshing its mech
>>> list after the server switch, but I'd still like to know how to resolve
>>> the issue server side (if possible).
>>>
>>> -Blake
>>> ----
>>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>
>>>
>>> !DSPAM:4a6fe485262521931426455!
>>>
>>>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20090729/78afd61a/attachment.html
More information about the Info-cyrus
mailing list