On 06/05/13 10:13 +0100, Karl Pielorz wrote:


--On 04 June 2013 11:49 -0500 Dan White <[email protected]> wrote:

The replica doesn't appear to log anything - we only use 'simple'
saslpasswd2 authentication on the servers (no LDAP / database
backend) - any suggestions on where to start looking to fix this?

Oh, so you don't really want to use gssapi?

We've never used it before - we just set up accounts with 'saslpasswd2 -c' - no Kerberos, LDAP or anything.

On your sync server (replica), you can restrict which sasl mechanisms are
offered.

Assuming that you have named your sync server 'syncserver' in your
/etc/cyrus.conf, configure /etc/imapd.conf with:

I have to 'name' my sync server, in cyrus.conf? - how?

In the end I resolved this by simply making sure 'sasl_mech_list' only listed what we use...

You can configure sasl_mech_list per service.

Within your /etc/cyrus.conf, you may have something like:

    imap             cmd="imapd -U 30 -D" listen="imap" prefork=0
    pop3             cmd="pop3d -U 30" listen="pop3" prefork=0
    syncserver       cmd="/usr/lib/cyrus/bin/sync_server" listen="csync"

within your services section. 'imap', 'pop3', and 'syncserver' are the
names of the services, which can be referenced within /etc/imapd.conf
like this:

    syncserver_sasl_mech_list: digest-md5

On the next spawn of that service, libsasl2 will only initialize the
specified mechanisms.

--
Dan White
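
The following is an added example, not part of the original message and not code from the Cyrus project. It audits which SASL mechanisms each service named in cyrus.conf would be limited to, using the per-service `<name>_sasl_mech_list` override described above and falling back to the global `sasl_mech_list`. The function names and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample configs, modelled on the snippets quoted in the thread.
CYRUS_CONF = '''\
START {
    recover          cmd="ctl_cyrusdb -r"
}
SERVICES {
    # name           command and listener
    imap             cmd="imapd -U 30 -D" listen="imap" prefork=0
    pop3             cmd="pop3d -U 30" listen="pop3" prefork=0
    syncserver       cmd="/usr/lib/cyrus/bin/sync_server" listen="csync"
}
'''
IMAPD_CONF = '''\
# global default, used by services that have no override of their own
sasl_mech_list: plain login
syncserver_sasl_mech_list: digest-md5
'''

def service_names(cyrus_conf):
    """Return the names declared inside the SERVICES { } block only."""
    block = re.search(r'^\s*SERVICES\s*\{(.*?)^\s*\}', cyrus_conf, re.S | re.M)
    if not block:
        return []
    lines = (l.strip() for l in block.group(1).splitlines())
    return [l.split()[0] for l in lines if l and not l.startswith('#')]

def imapd_options(imapd_conf):
    """Parse 'key: value' lines, skipping blanks and comments."""
    opts = {}
    for line in imapd_conf.splitlines():
        line = line.strip()
        if line and not line.startswith('#') and ':' in line:
            key, value = line.split(':', 1)
            opts[key.strip()] = value.strip()
    return opts

def effective_mechs(cyrus_conf, imapd_conf):
    """Map each service to its mechanism list; None means no restriction set."""
    opts = imapd_options(imapd_conf)
    result = {}
    for name in service_names(cyrus_conf):
        value = opts.get(name + '_sasl_mech_list', opts.get('sasl_mech_list'))
        result[name] = value.split() if value else None
    return result

if __name__ == '__main__':
    for svc, mechs in effective_mechs(CYRUS_CONF, IMAPD_CONF).items():
        print(svc, '->', ' '.join(mechs) if mechs else 'no sasl_mech_list set')
```

A service reported with no list set is the case the thread started from: libsasl2 initializes every installed mechanism for it, including ones such as GSSAPI that the site never configured.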
