Frontend couldn't authenticate to backend server: authentication failure
ellie timoney
ellie at fastmail.com
Mon Jun 4 22:39:06 EDT 2018
On Mon, Jun 4, 2018, at 7:23 PM, Jean-Christophe Delaye wrote:
> Note, if I choose login mech , it works !
I feel like I've seen something like this before. If I recall correctly, the DIGEST-MD5 mech doesn't support proxy authentication, so if anything in your stack has this enabled (possibly by default), it can wind up trying to use that and then failing.
Our Cassandane infrastructure explicitly sets "sasl_mech_list: LOGIN PLAIN" in the imapd.conf files it uses, and judging by commit history it does this specifically to exclude DIGEST-MD5.
You won't find "sasl_mech_list" documented in the imapd.conf.5 man page, because this is a SASL option that is just passed through:
> sasl_option: 0
> Any SASL option can be set by preceding it with sasl_. This file over‐
> rides the SASL configuration file.
I guess you can also set it directly in your SASL configuration file, but I don't know enough about SASL to make a recommendation either way.
Cheers,
ellie
More information about the Info-cyrus
mailing list