Frontend couldn't authenticate to backend server: authentication failure

ellie timoney ellie at fastmail.com
Mon Jun 4 22:39:06 EDT 2018


On Mon, Jun 4, 2018, at 7:23 PM, Jean-Christophe Delaye wrote:
> Note, if I choose  login mech , it works !

I feel like I've seen something like this before.  If I recall correctly, the DIGEST-MD5 mech doesn't support proxy authentication, so if anything in your stack has this enabled (possibly by default), it can wind up trying to use that and then failing.

Our Cassandane infrastructure explicitly sets "sasl_mech_list: LOGIN PLAIN" in the imapd.conf files it uses, and judging by commit history it does this specifically to exclude DIGEST-MD5.

You won't find "sasl_mech_list" documented in the imapd.conf.5 man page, because this is a SASL option that is just passed through:

>        sasl_option: 0
>              Any SASL option can be set by preceding it with sasl_.  This  file  over‐
>              rides the SASL configuration file.

I guess you can also set it directly in your SASL configuration file, but I don't know enough about SASL to make a recommendation either way.

Cheers,

ellie


More information about the Info-cyrus mailing list