sry started elaborating on the falback auth method because you mentioned it
so you'd have like:
imapsync --host1 source.server.com --user1 username --authuser1 adminusername --password1 adminpassword --ssl1 --port1 993 --host2 destination.server.com --user2 username --password2 password --authmech2 PLAIN --ssl2 --port2 993 --syncinternaldates --subscribe --nosyncacls
or
imapsync --syncinternaldates --subscribed --host1 sourceserver --host2 destinationserver --user1 userAcctSrc --authuser1 adminUserSrc --password1 adminPassDest --user2 useracctondest --authuser2 adminUserDest --password2 adminPassDest --ssl1 --port1 num --ssl2 --port2
or you could still manipulate shadow files on the source servers if you want
be sure zimbraImapSSLServerEnabled is set to TRUE
AUTH=PLAIN requires TLS encoding, so an IMAPs or STARTTLS command on a normal IMAP connection |