I did that:
openssl req -new -nodes -out server.csr -keyout server.key
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 9999
(as it is only a test server I have self-signed my certificate)
cat server.key server.crt > server.pem
chmod 600 server.pem
chown cyrus server.pem
moved the file into /cyrus-imap/etc/ssl
and in my imapd.conf:
tls_cipher_list: TLSv1 :SSLv3 :SSLv2 : !DES : !LOW :@STRENGTH
tls_ca_file: /cyrus-imap/etc/ssl/server.pem
tls_cert_file: /cyrus-imap/etc/ssl/server.pem
tls_key_file: /cyrus-imap/etc/ssl/server.pem
I have tested the replication and it works well!
Simon Matter wrote:
I have created my self-signed certificate and now it works!!
Where did you put and how did you specify the self signed certificate?
Thanks,
Simon
synctest -u cyrus -a cyrus -m PLAIN -t "" mailsrv
S: * STARTTLS
S: * OK mailsrv Cyrus sync server v2.3.0
C: STARTTLS
S: OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * SASL PLAIN
S: * OK mailsrv Cyrus sync server v2.3.0
Please enter your password:
C: AUTHENTICATE PLAIN Y3lydYMAY3LydXMBZ3Q0M2RpMTM=
S: OK Success (tls protection)
Authenticated.
Security strength factor: 256
now I will try to validate the replication with cyrus.
Thank you very much for your great help!!
Patrice
Patrick H Radtke wrote:
Looking a bit more at this:
Our sync server does advertise the correct mechanism
synctest -m PLAIN -t "" alpenwurst2
S: * SASL GSSAPI
S: * STARTTLS
S: * OK alpenwurst2.cc.columbia.edu Cyrus sync server v2.3-alpha
C: STARTTLS
S: OK Begin TLS negotiation now
verify error:num=19:self signed certificate in certificate chain
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * SASL PLAIN GSSAPI
S: * OK alpenwurst2.cc.columbia.edu Cyrus sync server v2.3-alpha
Please enter your password:
My quick guess is your only mechanism is PLAIN and since you didn't
specify -t "" to do a TLS connection, PLAIN is not being advertised.
That leaves you with no mechanisms left and just the error.
Try the '-t ""' and maybe a '-m PLAIN' and let me know how it goes.
-Patrick
On Wed, 14 Dec 2005, Patrice wrote:
Hi,
I try to install the new version of cyrus-imap to use the
replication.
but I can't authenticate on my replica server:
here is the error in the log:
sync_client[26757]: couldn't authenticate to backend server: no mechanism available
here is the result of the synctest:
S: * OK mailsrv Cyrus sync server v2.3.0
Authentication failed. no mechanism available
Security strength factor: 0
it seems the auth mechs are not advertised
I use saslauthd for my imap+pop auth and it works fine.
there should be a special option for the advertising of mechs but I
haven't found the option
Help would be appreciated
thanks in advance
Patrice
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
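
Added example, not part of the thread or of Cyrus itself: a small Python parser over synctest-style output that reports which SASL mechanisms were advertised before and after STARTTLS and whether certificate verification reported errors. The two transcripts are constructed from the output quoted above; the names analyze and findings are hypothetical.

```python
import re

# Constructed transcripts, modelled on the synctest output quoted in this thread.
CLEARTEXT_RUN = """S: * OK mailsrv Cyrus sync server v2.3.0
Authentication failed. no mechanism available
"""
TLS_RUN = """S: * STARTTLS
S: * OK mailsrv Cyrus sync server v2.3.0
C: STARTTLS
S: OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * SASL PLAIN
S: * OK mailsrv Cyrus sync server v2.3.0
"""

def analyze(transcript):
    """Split advertised SASL mechanisms into before/after TLS; collect verify errors."""
    r = {"before_tls": [], "after_tls": [], "starttls_offered": False,
         "tls_established": False, "verify_errors": []}
    for line in (l.strip() for l in transcript.splitlines()):
        sasl = re.match(r"S: \* SASL\s+(.+)", line)
        verify = re.match(r"verify error:num=(\d+):", line)
        if sasl:
            # The capability banner is sent again once the TLS layer is up.
            key = "after_tls" if r["tls_established"] else "before_tls"
            r[key] = sasl.group(1).split()
        elif line == "S: * STARTTLS":
            r["starttls_offered"] = True
        elif line.startswith("TLS connection established"):
            r["tls_established"] = True
        elif verify:
            r["verify_errors"].append(int(verify.group(1)))
    return r

def findings(r):
    """Turn the parsed state into operator-facing notes."""
    notes = []
    if not r["tls_established"] and not r["before_tls"]:
        notes.append("no mechanism offered in cleartext; retry with -t \"\"")
    if "PLAIN" in r["before_tls"]:
        notes.append("PLAIN offered without TLS: password not protected in transit")
    if r["tls_established"] and r["verify_errors"]:
        notes.append("TLS established despite verify errors %s: "
                     "encrypted, but server certificate not trusted" % r["verify_errors"])
    return notes

if __name__ == "__main__":
    for name, run in (("cleartext", CLEARTEXT_RUN), ("tls", TLS_RUN)):
        print(name, analyze(run), findings(analyze(run)))
```

Verify error 18 is OpenSSL's code for a self-signed leaf certificate and 19 for a self-signed certificate in the chain; in both transcripts the session continues anyway, which is what the last note flags.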