morgan at orst.edu
Thu May 14 12:33:05 EDT 2009
On Thu, 14 May 2009, Duncan Gibb wrote:
> Andrew Morgan wrote:
> AM> Does the mupdate process in a Cyrus murder actually use TLS?
> AM> And.... after a lot of digging I see that this is a known bug:
> AM> https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3119
> AM> Never mind! This sounds like an very complicated problem
> Not particularly - it's quite a small patch which goes onto 2.3.14 and
> current CVS HEAD cleanly. If there's any extra work required for it to
> be applied upstream, I'm happy to do that.
Well I'm a little scared to break things on my production cyrus site. I
don't particularly need this feature, but it was on my checklist of things
for a long time. I'm happy to wait until this code is included in a
> AM> so I'll just stay away from TLS for mupdate. Although I don't
> AM> understand why mupdate isn't having problems for me right now,
> AM> since mupdate seems to be advertising STARTTLS in the
> AM> capability string.
> If your config allows the Mupdate server to advertise a usable SASL mech
> without doing a "STARTTLS", then backend_authenticate() won't bother.
Ah, that explains it. I have allowplaintext: 1 at the moment. I'll make
a note of this though.
Thanks for your explanation!
More information about the Info-cyrus