replication does not work
Marcus Schopen
lists at localguru.de
Fri Feb 21 17:25:47 EST 2014
Hi Andrew,
Am Freitag, den 21.02.2014, 11:21 -0800 schrieb Andrew Morgan:
> On Fri, 21 Feb 2014, Marcus Schopen wrote:
>
> > Hi,
> >
> > Am Freitag, den 21.02.2014, 17:23 +0100 schrieb Willy Offermans:
> > [...]
> >>
> >>
> >> I can answer my own question. I was indeed missing the authentication
> >> mechanism. I added <sasl_mech_list: PLAIN LOGIN> to imapd.conf on the
> >> back-end server and the replication worked.
> >>
> >> So I wonder how I can tell sync_client which authentication mechanism to
> >> use? It seems like a feature request to me? or a hidden option to the
> >> sync_client executable.
> >
> > That's an interesting question. I had a similar problem this week to
> > force master and slave to sync via TLS. As long as the banner on slave
> > side offered "DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN" to connection plain.
> > I set "allowplaintext: no" and "sasl_mech_list: PLAIN" on slave and now
> > both are talking PLAIN via TLS. So if there is an option on master side
> > to force to login using eg. CRAM-MD5 then there might be an option too
> > to force TLS.
> >
> >> I'm playing with replication now and testing what happens if one deletes
> >> e-mails on the back-end server and not on the client. Will these mails be
> >> restored on the back-end by replication and when?
> >
> > Don't understand, what is the client, the replica server?
>
> Have you looked at the sasl_minimum_layer option?
>
> sasl_minimum_layer: 0
> The minimum SSF that the server will allow a client to
> negotiate. A value of 1 requires integrity protection; any
> higher value requires some amount of encryption.
>
>
> Andy
Many thanks for your response.
Yes, I've tried sasl_minimum_layer with values from 1 up to 100. But
even then the master doesn't start a TLS connection to the replica.
Hmm ....
Cheers from Germany
Marcus
More information about the Info-cyrus
mailing list