'PLAIN encryption needed to use mechanism' error

Dan White dwhite at olp.net
Wed Jul 29 05:01:19 EDT 2009 

Blake Hudson wrote:
>> Agreed. A possible work around until you figure out the issue would be 
>> to add '-p 256' within cyrus.conf, for your pop3 entry (see man pop3d).
>>
>> That would emulate a sasl security layer of 256 bits, and would be 
>> treated as if you had connected via SSL when you hadn't.
>>
>> - Dan
>>     
>
> That does indeed resolve the issue, so do you think this is a Cyrus SASL 
> problem or a Cyrus IMAP (POP) problem?
>
> Also, do you have the same -p option specified? I'm wondering if others 
> are experiencing the same problem - all of our servers are on the same 
> version of cyrus 2.3.7 (from RHEL) or older and seem to exhibit the same 
> behavior.
>
> --Blake
>   

I do not have it specified on my primary cyrus store.

My relevant configuration:

neo:~# grep 'sasl\|plaintext' /etc/imapd.conf | grep -v '^#'
allowplaintext: yes
sasl_mech_list: LOGIN PLAIN CRAM-MD5 DIGEST-MD5 GSSAPI OTP EXTERNAL
sasl_pwcheck_method: auxprop saslauthd
sasl_keytab: /etc/krb5.keytab-mailstore
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldap://hiro.olp.net ldap://ando.olp.net
sasl_ldapdb_mech: GSSAPI
sasl_ldapdb_canon_attr: uid
pop3_sasl_canon_user_plugin: ldapdb
sasl_log_level: 7
sasl_auto_transition: no

neo:~# cat /etc/cyrus.conf | grep -v '#' | grep 'pop\|imap'
    imap        cmd="imapd -U 30 -D" listen="imap" prefork=0 maxchild=200
    imapunix        cmd="imapd -U 30" 
listen="/var/run/cyrus/socket/imap" prefork=0 maxchild=100
    imaps        cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=200
    pop3        cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=200
    pop3unix        cmd="pop3d -U 30" 
listen="/var/run/cyrus/socket/pop3" prefork=0 maxchild=100
    pop3s        cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=100

I'm running version 2.3.12.

However, on an older server, I *do* have the -p option specified for my 
imap sessions, probably because I ran into a similar situation as you, 
but I was too lazy dig in to the real issue. That server is running 
2.3.10, and has this configuration (i don't use pop3 on this server):

gandalf:~# grep 'sasl\|plaintext' /etc/imapd.conf | grep -v '^#'
allowplaintext: yes
sasl_mech_list: PLAIN GSSAPI
sasl_pwcheck_method: saslauthd
sasl_keytab: /etc/krb5.keytab-mailstore
sasl_auto_transition: no


gandalf:~# cat /etc/cyrus.conf | grep -v '#' | grep 'pop\|imap'
    imap        cmd="imapd -U 30 -p 256 -D" listen="imap" prefork=0 
maxchild=100 provide_uuid=2
    imapunix    cmd="imapd -U 30 -p 256 -D" 
listen="/var/run/cyrus/socket/imap" prefork=0 maxchild=100 provide_uuid=2
    imaps        cmd="imapd -s -U 30" listen="imaps" prefork=0 
maxchild=100 provide_uuid=2
    pop3        cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50 
provide_uuid=2
    pop3s        cmd="pop3d -s -U 30" listen="pop3s" prefork=0 
maxchild=50 provide_uuid=2


- Dan

More information about the Info-cyrus mailing list