On 06/04/13 16:29 +0100, Karl Pielorz wrote:
> Hi,
> I've got my two 2.4.17 servers 'tantalisingly' close to replicating -
> I created a 'replication' user on both (using 'saslpasswd2').
> This user is allowed 'admin' access (in imapd.conf). Additionally on
> the master I've set:
> "
> sync_host: my-replica-server.com
> sync_authname: replication-user
> sync_password: thepassword
> sync_compress: 1
> "
> Running 'sync_client' on the Master though nets:
> "
> % /usr/local/cyrus/bin/sync_client -v -u user.kpielorz
> Can not connect to server 'my-replica-server.com', retrying in 15 seconds
> "
> Syslog shows:
> "
> Jun 4 16:13:15 sync_client[37354]: GSSAPI client step 1
> Jun 4 16:13:15 sync_client[37354]: GSSAPI Error: An unsupported
> mechanism was requested (unknown mech-code 0 for mech unknown)
> Jun 4 16:13:15 sync_client[37354]: couldn't authenticate to backend
> server: generic failure
> "

The 'unknown mech-code 0 for mech unknown' is likely being generated from
your kerberos shared libraries. Check your KDC server logs, and google for
that error message.

> The replica doesn't appear to log anything - we only use 'simple'
> saslpasswd2 authentication on the servers (no LDAP / database
> backend) - any suggestions on where to start looking to fix this?

Oh, so you don't really want to use gssapi?
On your sync server (replica), you can restrict which sasl mechanisms are
offered.
Assuming that you have named your sync server 'syncserver' in your
/etc/cyrus.conf, configure /etc/imapd.conf with:
syncserver_sasl_mech_list: digest-md5

> Additionally in cyrus.conf we only bind imap to 127.0.0.1 -
> imaps/pop3s are used for off-host connections (in case that's an
> issue?)

--
Dan White
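
Added example, not part of the original message and not Cyrus project code: a small check that finds the service name running sync_server in cyrus.conf and reports which SASL mechanisms imapd.conf restricts it to, as the reply above suggests. The sample config text, the function names and the 'csync' listen value are constructed assumptions.

```python
import re

# Constructed sample configs (assumptions; not taken from the thread).
CYRUS_CONF = '''SERVICES {
  imap        cmd="imapd" listen="127.0.0.1:imap" prefork=0
  imaps       cmd="imapd -s" listen="imaps" prefork=0
  syncserver  cmd="sync_server" listen="csync"
}
'''
IMAPD_CONF = '''admins: cyrus replication-user
syncserver_sasl_mech_list: digest-md5
'''

def sync_service_names(cyrus_conf):
    """Names of cyrus.conf entries whose cmd runs sync_server."""
    names = []
    for line in cyrus_conf.splitlines():
        m = re.match(r'^(\S+)\s+.*?cmd="([^"]*)"', line.split("#", 1)[0].strip())
        argv = m.group(2).split() if m else []
        if argv and argv[0].rsplit("/", 1)[-1] == "sync_server":
            names.append(m.group(1))
    return names

def imapd_options(imapd_conf):
    """Parse 'key: value' lines, skipping blanks and # comments."""
    opts = {}
    for line in imapd_conf.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and not key.startswith("#"):
            opts[key.strip()] = value.strip()
    return opts

def check(cyrus_conf, imapd_conf):
    """Map each sync service to a finding about the mechanisms it offers."""
    opts, findings = imapd_options(imapd_conf), {}
    for svc in sync_service_names(cyrus_conf):
        # The service-prefixed option wins; otherwise the global one applies.
        value = opts.get(svc + "_sasl_mech_list", opts.get("sasl_mech_list"))
        mechs = value.upper().split() if value else None
        if mechs is None:
            findings[svc] = "unrestricted: all installed SASL mechanisms offered"
        elif "GSSAPI" in mechs:
            findings[svc] = "GSSAPI still offered"
        else:
            findings[svc] = "ok: " + " ".join(mechs)
    return findings

if __name__ == "__main__":
    print(check(CYRUS_CONF, IMAPD_CONF))
```

To run it against a live replica, read /etc/cyrus.conf and /etc/imapd.conf into the two arguments of check().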