[30354] in Kerberos
Re: Kerberize MS Exchange?
daemon@ATHENA.MIT.EDU (Markus Moeller)
Tue Oct 14 10:08:00 2008
From: "Markus Moeller" <huaraz@moeller.plus.com>
In-Reply-To: <gcs72m$2ci$1@relay.tomsk.ru>
Date: Sun, 12 Oct 2008 16:05:57 +0100
MIME-Version: 1.0
Message-ID: <2ZWdnVsd_tIAj2_VnZ2dneKdnZydnZ2d@posted.plusnet>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
I use it against Cyrus IMAP v2.3.12p2 server (both client and server on
Linux) with AD as kdc.
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=DIGEST-MD5
AUTH=PLAIN AUTH=GSSAPI AUTH=CRAM-MD5 SASL-IR] imap.server.home Cyrus IMAP
v2.3.12p2 server ready
1 capability
* CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=DIGEST-MD5 AUTH=PLAIN
AUTH=GSSAPI AUTH=CRAM-MD5 SASL-IR ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS
NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT
SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE
CONDSTORE SCAN IDLE LISTEXT LIST-SUBSCRIBED URLAUTH
1 OK Completed
2 authenticate GSSAPI
+ YIIGjwYJKoZIhv....
+ YIGDBgk....
+ YDAGCSqGSIb3EgE....
2 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL RIGHTS=kxte
QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES
ANNOTATEMORE CATENATE CONDSTORE SCAN IDLE LISTEXT LIST-SUBSCRIBED URLAUTH]
Success (no protection)
.
.
Markus
"Victor Sudakov" <vas@mpeks.no-spam-here.tomsk.su> wrote in message
news:gcs72m$2ci$1@relay.tomsk.ru...
> Victor Sudakov wrote:
>> > >
>> > >> Incidentally, I have been informed off-list that newer versions of
>> > >> Exchange's IMAP implementation actually do support Kerberos via
>> > >> GSSAPI.
>> > >
>> > > And what win32 IMAP clients can authenticate with GSSAPI?
>
>> > Thunderbird is reported to be able to do this:
>> > http://kb.mozillazine.org/Network.auth.use-sspi
>
>> > I have not tried it, but it looks promising.
>
>> I have tried Thunderbird 2.0.0.14 for Windows with
>> network.auth.use-sspi set to either true or false.
>
>> Ethereal does not see Thunderbird requesting any tickets for
>> imap/relay2.tomsk.ru from AD. It just keeps asking for my password and
>> does not create any traffic to the DC. Am I missing something?
>
> Is there anyone for whom Thunderbird with GSSAPI really works?
> I hope it is not just theory, someone is using it or has tested it?
>
> --
> Victor Sudakov, VAS4-RIPE, VAS47-RIPN
> 2:5005/49@fidonet http://vas.tomsk.ru/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
