'PLAIN encryption needed to use mechanism' error
Dan White
dwhite at olp.net
Wed Jul 29 04:20:08 EDT 2009
Blake Hudson wrote:
> -------- Original Message --------
> Subject: Re: 'PLAIN encryption needed to use mechanism' error
> From: Dan White <dwhite at olp.net> <mailto:dwhite at olp.net>
> To: Blake Hudson <blake at ispn.net> <mailto:blake at ispn.net>
> Cc: info-cyrus at lists.andrew.cmu.edu
> <mailto:info-cyrus at lists.andrew.cmu.edu>
> Date: Wednesday, July 29, 2009 2:49:51 AM
>
>
> I see your cyrus server is outputting the full mech list via 110...
> wonder why mine isn't?
>
> ------------YOURS-----
> +OK <1114961040.1248853981 at neo> neo Cyrus POP3 Murder
> v2.3.12-Debian-2.3.12-1-5
> server ready
> auth
> +OK List of supported mechanisms follows
> CRAM-MD5
> PLAIN
> GSSAPI
> OTP
> DIGEST-MD5
> LOGIN
All of these are explicitly set in my sasl_mech_list.
GSSAPI and OTP require SASL library configuration. The others, including
PLAIN/LOGIN should not.
> .
> ------------MINE-----
> +OK twinP Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready
> <163906105530322
> 97444.1248854211 at twinP>
> auth
> +OK List of supported mechanisms follows
> DIGEST-MD5
> CRAM-MD5
> .
Do you have either of the following specified?
sasl_minimum_layer: X
sasl_maximum_layer: X
Have you specified a '-p xxx' within cyrus.conf for imap but not pop3?
Are you using TLS/SSL when connecting via IMAP but not POP3? Sounds like
your telnetting, so that's probably not the case.
Setting "sasl_log_level: 7" in imapd.conf might provide more information
in your syslog.
>>>>
>>>>> Looks like the POP side is not advertising LOGIN/PLAIN auth types while
>>>>> the imap side is. Is this the intended behavior?
>>>>>
>>>>> In my imapd.conf i have the following mech list defined:
>>>>> sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
>>>>>
>>>>> ---------------------- POP3----------------------
>>>>> +OK twinP Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready
>>>>> <173180331313918
>>>>> 17429.1248845988 at twinP>
>>>>> auth
>>>>> +OK List of supported mechanisms follows
>>>>> DIGEST-MD5
>>>>> CRAM-MD5
>>>>> ..
>>>>> --------------------------------------------
>>>>> ----------------------IMAP----------------------
>>>>>
>>>>> * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=DIGEST-MD5
>>>>> AUTH=LOGIN
>>>>> AUTH=PLAIN AUTH=CRAM-MD5 SASL-IR] twinP Cyrus IMAP4
>>>>> v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready
>>>>>
>>>>> --------------------------------------------
>>>>>
>>>>> I suppose this is likely a bad client that is not refreshing its mech
>>>>> list after the server switch, but I'd still like to know how to resolve
>>>>> the issue server side (if possible).
>>>>>
>>>>> -Blake
More information about the Info-cyrus
mailing list