How to make sync_client invoke STARTTLS for replication

Wesley Craig wes at umich.edu
Fri Jun 4 16:32:25 EDT 2010


On 03 Jun 2010, at 04:38, Rudy Gevaert wrote:
> master side:
> Jun  3 10:39:12 cyrdev1 maild1/sync_client[3519]: starttls: TLSv1 with
> cipher DHE-RSA-AES256-SHA (256/256 bits new client) no authentication
> Jun  3 10:40:12 cyrdev1 maild1/sync_client[3519]: Doing a peer verify
> Jun  3 10:40:12 cyrdev1 maild1/sync_client[3519]: Doing a peer verify
> Jun  3 10:40:12 cyrdev1 maild1/sync_client[3519]: Doing a peer verify
> Jun  3 10:40:12 cyrdev1 maild1/sync_client[3519]: Doing a peer verify
> Jun  3 10:40:12 cyrdev1 maild1/sync_client[3519]: received server
> certificate
> Jun  3 10:40:12 cyrdev1 maild1/sync_client[3519]: starttls: TLSv1 with
> cipher DHE-RSA-AES256-SHA (256/256 bits new client) no authentication

And that's all?  At a minimum, if authN is failing, you should get  
this syslog:

         if ((r = backend_authenticate(ret, prot, &mlist, userid,
                                       cb, auth_status))) {
             syslog(LOG_ERR, "couldn't authenticate to backend server: %s",
                    sasl_errstring(r, NULL, NULL));
             if (!ret_backend) free(ret);
             close(sock);
             ret = NULL;
         }

If you're not, I guess you're in some sort of loop in  
backend_authenticate().  Do you get a backtrace?

:wes

