Re: Make cyradm use plain+tls

From: Perry Brown (no email)
Date: Tue May 02 2006 - 16:19:43 EDT

  • Next message: Patrick Radtke: "Re: Make cyradm use plain+tls"

    >
    >On May 2, 2006, at 3:24 PM, Perry Brown wrote:
    >
    >>I log into imtest:
    >>
    >>/opt/mail/cyrus-imapd/bin/imtest -t "" -p imap -u cyrus -a cyrus -m plain
    >>
    >>Run
    >>C: XFER user.vbperry server2.sub2.domain.com
    >>
    >>and get
    >>C: NO Server(s) unavailable to complete operation
    >>
    >>
    >>
    >>Am I using the right auth mode? should the imtest connect or xfer command
    >>be formatted differently? I looked in the archives and could not locate
    >>the thread you mentioned, was that on list?
    >
    >No, our discussion was off list.
    >
    >What does syslog say (on both servers)?

    We have cyrus logging to local6 so I'll assume that is what you are
    interested in.

    On source server:
    May 2 13:11:42 server1 imap[5927]: starttls: TLSv1 with cipher AES256-SHA
    (256/256 bits new) no authentication
    May 2 13:11:46 server1 imap[5927]: login: localhost.localdomain [127.0.0.1]
    cyrimap PLAIN+TLS User logged in
    May 2 13:12:12 server1 imap[5927]: couldn't authenticate to backend server:
    generic failure
    May 2 13:12:12 server1 imap[5927]: Could not move mailbox: user.vbperry,
    Initial backend connect failed

    On Destination server:
    May 2 13:12:12 server2 master[6574]: about to exec
    /opt/mail/cyrus-imapd/bin/imapd
    May 2 13:12:12 server2 imap[6574]: executed

    >
    >Can you log in with imtest to the 2nd server?

    Yes

    server1.sub1% /opt/mail/cyrus-imapd/bin/imtest -t "" -p imap -u cyrus -a
    cyrus -m plain server2.sub2
    S: * OK server2.sub2.domain.com Cyrus IMAP4 v2.2.8 server ready
    C: C01 CAPABILITY
    S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
    NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY
    SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS
    AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED
    X-NETSCAPE
    S: C01 OK Completed
    C: S01 STARTTLS
    S: S01 OK Begin TLS negotiation now
    verify error:num=18:self signed certificate
    TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
    C: C01 CAPABILITY
    S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
    NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY
    SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=PLAIN
    AUTH=LOGIN AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT
    LIST-SUBSCRIBED X-NETSCAPE
    S: C01 OK Completed
    Please enter your password: <<enter passwd for cyrus account
    C: A01 AUTHENTICATE PLAIN Y3lyaW1hcABjeXJpbWFwAGpTdXZTMTFz
    S: A01 OK Success (tls protection)
    Authenticated.
    Security strength factor: 256

    >
    >Do you allow other SASL mechanisms? I think what we tried with Richard may
    >have only worked since PLAIN is the only mechanism his 2nd server offered.
    >
    >What other mechanism does your secondary server offer? It should be part
    >of the CAPABILITY response when imtest logs in.

    It's offering
    AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5

    Should the connect use plain since it is the first available? How can I
    disable the other AUTH mechanisms?

    Thank you
    Perry

    ----
    Cyrus Home Page: http://asg.web.cmu.edu/cyrus
    Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
    List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
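
Added example, not part of the original post: a small check that compares the two CAPABILITY responses from the imtest session above and reports which SASL mechanisms the server advertises before and after STARTTLS. The function names `parse_capability` and `audit` are illustrative; the two response strings are copied from the transcript with line wraps joined.

```python
import re

# Mechanisms that send the password itself and so depend on the TLS layer.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# CAPABILITY responses from the imtest session above, line wraps joined.
PRE_TLS = ("S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS "
           "NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY "
           "SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS "
           "AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED "
           "X-NETSCAPE")
POST_TLS = ("S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS "
            "NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY "
            "SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=PLAIN "
            "AUTH=LOGIN AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT "
            "LIST-SUBSCRIBED X-NETSCAPE")


def parse_capability(line):
    """Return (auth_mechs_in_server_order, other_capabilities)."""
    m = re.match(r"^(?:S: )?\* CAPABILITY (.+)$", line.strip(), re.I)
    if not m:
        raise ValueError("not an untagged CAPABILITY response")
    mechs, others = [], []
    for token in m.group(1).split():
        if token.upper().startswith("AUTH="):
            mechs.append(token[5:].upper())
        else:
            others.append(token.upper())
    return mechs, others


def audit(pre_line, post_line):
    """Compare the mechanisms advertised before and after STARTTLS."""
    pre_mechs, pre_caps = parse_capability(pre_line)
    post_mechs, _ = parse_capability(post_line)
    return {
        "starttls_offered": "STARTTLS" in pre_caps,
        "plaintext_before_tls": sorted(PLAINTEXT_MECHS & set(pre_mechs)),
        "added_after_tls": [m for m in post_mechs if m not in pre_mechs],
        "mechs_after_tls": post_mechs,
    }


if __name__ == "__main__":
    for key, value in audit(PRE_TLS, POST_TLS).items():
        print(f"{key}: {value}")
```

On this transcript the check shows that PLAIN and LOGIN appear only once the TLS layer is up, and that five mechanisms are on offer after STARTTLS.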
    
