Kerberize MS Exchange?

Markus Moeller huaraz at moeller.plus.com
Mon Oct 13 14:14:43 EDT 2008


Victor,

I can also confirm that Thunderbird works with GSSAPI/SSPI on XP against the 
Cyrus IMAP server. ( I just downloaded Thunderbird and did not modify any 
settings other then adding the account details)

Markus

"Markus Moeller" <huaraz at moeller.plus.com> wrote in message 
news:2ZWdnVsd_tIAj2_VnZ2dneKdnZydnZ2d at posted.plusnet...
>I use it against Cyrus IMAP v2.3.12p2 server (both client and server on 
>Linux) with AD as kdc.
>
> * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=DIGEST-MD5 
> AUTH=PLAIN AUTH=GSSAPI AUTH=CRAM-MD5 SASL-IR] imap.server.home Cyrus IMAP 
> v2.3.12p2 server ready
> 1 capability
> * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=DIGEST-MD5 
> AUTH=PLAIN AUTH=GSSAPI AUTH=CRAM-MD5 SASL-IR ACL RIGHTS=kxte QUOTA 
> MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN 
> MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT 
> THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN IDLE LISTEXT 
> LIST-SUBSCRIBED URLAUTH
> 1 OK Completed
> 2 authenticate GSSAPI
> + YIIGjwYJKoZIhv....
> + YIGDBgk....
> + YDAGCSqGSIb3EgE....
> 2 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL RIGHTS=kxte 
> QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT 
> CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT 
> THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN IDLE LISTEXT 
> LIST-SUBSCRIBED URLAUTH] Success (no protection)
>
> .
> .
>
> Markus
>
> "Victor Sudakov" <vas at mpeks.no-spam-here.tomsk.su> wrote in message 
> news:gcs72m$2ci$1 at relay.tomsk.ru...
>> Victor Sudakov wrote:
>>> > >
>>> > >> Incidentally, I have been informed off-list that newer versions of
>>> > >> Exchange's IMAP implementation actually do support Kerberos via
>>> > >> GSSAPI.
>>> > >
>>> > > And what win32 IMAP clients can authenticate with GSSAPI?
>>
>>> > Thunderbird is reported to be able to do this:
>>> > http://kb.mozillazine.org/Network.auth.use-sspi
>>
>>> > I have not tried it, but it looks promising.
>>
>>> I have tried Thunderbird 2.0.0.14 for Windows with
>>> network.auth.use-sspi set to either true or false.
>>
>>> Ethereal does not see Thunderbird requesting any tickets for
>>> imap/relay2.tomsk.ru from AD. It just keeps asking for my password and
>>> does not create any traffic to the DC. Am I missing something?
>>
>> Is there anyone for whom Thunderbird with GSSAPI really works?
>> I hope it is not just theory, someone is using it or has tested it?
>>
>> -- 
>> Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
>> 2:5005/49 at fidonet http://vas.tomsk.ru/
> 




More information about the Kerberos mailing list