Kerberize MS Exchange?
Markus Moeller
huaraz at moeller.plus.com
Mon Oct 13 14:14:43 EDT 2008
Victor,
I can also confirm that Thunderbird works with GSSAPI/SSPI on XP against the
Cyrus IMAP server. ( I just downloaded Thunderbird and did not modify any
settings other then adding the account details)
Markus
"Markus Moeller" <huaraz at moeller.plus.com> wrote in message
news:2ZWdnVsd_tIAj2_VnZ2dneKdnZydnZ2d at posted.plusnet...
>I use it against Cyrus IMAP v2.3.12p2 server (both client and server on
>Linux) with AD as kdc.
>
> * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=DIGEST-MD5
> AUTH=PLAIN AUTH=GSSAPI AUTH=CRAM-MD5 SASL-IR] imap.server.home Cyrus IMAP
> v2.3.12p2 server ready
> 1 capability
> * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=DIGEST-MD5
> AUTH=PLAIN AUTH=GSSAPI AUTH=CRAM-MD5 SASL-IR ACL RIGHTS=kxte QUOTA
> MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
> MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT
> THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN IDLE LISTEXT
> LIST-SUBSCRIBED URLAUTH
> 1 OK Completed
> 2 authenticate GSSAPI
> + YIIGjwYJKoZIhv....
> + YIGDBgk....
> + YDAGCSqGSIb3EgE....
> 2 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL RIGHTS=kxte
> QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT
> CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT
> THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN IDLE LISTEXT
> LIST-SUBSCRIBED URLAUTH] Success (no protection)
>
> .
> .
>
> Markus
>
> "Victor Sudakov" <vas at mpeks.no-spam-here.tomsk.su> wrote in message
> news:gcs72m$2ci$1 at relay.tomsk.ru...
>> Victor Sudakov wrote:
>>> > >
>>> > >> Incidentally, I have been informed off-list that newer versions of
>>> > >> Exchange's IMAP implementation actually do support Kerberos via
>>> > >> GSSAPI.
>>> > >
>>> > > And what win32 IMAP clients can authenticate with GSSAPI?
>>
>>> > Thunderbird is reported to be able to do this:
>>> > http://kb.mozillazine.org/Network.auth.use-sspi
>>
>>> > I have not tried it, but it looks promising.
>>
>>> I have tried Thunderbird 2.0.0.14 for Windows with
>>> network.auth.use-sspi set to either true or false.
>>
>>> Ethereal does not see Thunderbird requesting any tickets for
>>> imap/relay2.tomsk.ru from AD. It just keeps asking for my password and
>>> does not create any traffic to the DC. Am I missing something?
>>
>> Is there anyone for whom Thunderbird with GSSAPI really works?
>> I hope it is not just theory, someone is using it or has tested it?
>>
>> --
>> Victor Sudakov, VAS4-RIPE, VAS47-RIPN
>> 2:5005/49 at fidonet http://vas.tomsk.ru/
>
More information about the Kerberos
mailing list