Using xfer to migrate mailboxes and GSSAPI errors
Dan White
dwhite at olp.net
Thu Oct 6 23:03:34 EDT 2011
On 06/10/11 18:21 -0400, Jack Neely wrote:
>Folks,
>
>I have a specific list of user mailboxes that I need to migrate to a
>different Cyrus IMAP server. The servers are all identical running
>2.3.14. This seems like a perfect job for xfer.
>
>I've never gotten xfer to work.
>
> localhost.localdomain> xfer user.tmp00009 new-server t
> xfermailbox: Server(s) unavailable to complete operation
>
>I've got
>
> proxy_authname: cyrus
> proxy_password: <password>
> allowusermoves: yes
>
>in my imapd.conf file. (Perhaps order is important here? Do the proxy_
>parameters need to come after others? They are close to the top of the
>config file currently.)
>
>In syslog I see:
>
>imap[25032]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No credentials cache found)
>imap[25032]: couldn't authenticate to backend server: generic failure
>imap[25032]: Could not move mailbox: user.tmp00009, Initial backend connect failed
>
>So it looks like I'm trying to authenticate to the remote cyrus server
>by GSSAPI, and its not working. (Although we do use SASL to auth the
>cyrus account and our users.)
>
>Can someone point me in the right direction to get xfer operations
>working?
Do you have a credentials cache on the first backend, under the cyrus user?
Try:
sudo -u cyrus klist
Even though you may have a principal that the server has initialized from a
keytab, you'll also need to have a credentials cache when acting as a
client, for the move to the second backend, initialized with kinit.
--
Dan White
More information about the Info-cyrus
mailing list