Please help with Cyrus vs MS Outlook over TLS/SSL
Ilya Basin
lanmot at cwrussia.ru
Wed Nov 19 12:30:05 EST 2003
On Wednesday 19 November 2003 20:03, Ken Murchison wrote:
I'd like to disable plaintext auth altogether.
I've changed the conf as you suggested to auxprop and it started to work FINE.
THANK YOU so much. I'm ashamed of myself.....
> Ilya Basin wrote:
> > Hi,
> > I've spent a week trying to configure cyrus-imapd-2.1.15
> > to work with MS Outlook 2000 over TLS/SSL.
> > I see no way to fix it... maybe I've missed something?
> >
> >
> > System:
> >
> > Slackware 9.1
> > openssl-09.7c
> > cyrus-imapd-cyrus-sasl-2.1.15
> > cyrus-imapd-2.1.15
> >
> > compiled with no errors.
> >
> > Mozilla Messenger, PINE - checked & work fine with it over port 993
> > MS Outlook -> (with the options [secure auth], work over SSL (port 993))
> > gives an error "CRAM-MD5 auth failed"
> > IMAPD.log:
> > ####################################################
> > imapd[25702]: starttls: TLSv1 with cipher RC4-MD5(128/128 bits new) no
> > authentication
> > imapd[25702]: badlogin: [213.152.132.32] NTLM [SASL(-13): user not found:
> > no secret in database]
>
> What kind of authentication do you want to do? Are you only going to
> allow plaintext auth mechanisms (via saslauthd), or do you want to allow
> shared secret mechanisms (via an auxprop plugin like sasldb, LDAP, SQL)?
>
> The only way you will be able to use Outlook's SPA (NTLM) is to allow
> the user secrets to be stored in an auxprop backend, or to proxy the
> NTLM authentication to an NT/2K server.
>
> My suggestion is to simply not use Outlook's SPA, since the
> authentication is already protected by SSL. Unchecking the SPA box
> should solve your problem.
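
The distinction drawn in the reply above (plaintext mechanisms checked via saslauthd versus shared-secret mechanisms that need an auxprop backend) can be checked against a configuration before clients hit it. The following is an added example, not part of the original thread or of Cyrus itself; the two configuration texts are constructed samples, and treating an unset `sasl_pwcheck_method` as auxprop is an assumption of the example.

```python
# Added example: audit imapd.conf-style text for SASL mechanisms the
# configured password-check method cannot verify.
SHARED_SECRET = {"CRAM-MD5", "DIGEST-MD5", "NTLM"}  # server must read a stored secret
PLAINTEXT = {"PLAIN", "LOGIN"}                      # the password itself reaches the server

def parse_conf(text):
    """Parse 'key: value' lines (imapd.conf style) into a dict."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, sep, value = line.partition(":")
            if sep:
                conf[key.strip().lower()] = value.strip()
    return conf

def audit(conf_text):
    """Return (mechanisms that can succeed, list of findings)."""
    conf = parse_conf(conf_text)
    # Assumption of this example: an unset method is treated as auxprop.
    method = conf.get("sasl_pwcheck_method", "auxprop").lower()
    mechs = set(conf.get("sasl_mech_list", "").upper().split())
    # saslauthd only ever sees a password, so it cannot serve shared-secret
    # mechanisms; an auxprop backend stores the secret and can serve both kinds.
    verifiable = PLAINTEXT if method == "saslauthd" else PLAINTEXT | SHARED_SECRET
    findings = []
    for mech in sorted((mechs & SHARED_SECRET) - verifiable):
        findings.append(f"{mech} is offered but cannot be verified via {method}")
    for mech in sorted(mechs & PLAINTEXT):
        findings.append(f"{mech} sends the password itself; drop it to disable plaintext auth")
    if conf.get("allowplaintext", "").lower() in {"1", "yes", "true", "on"}:
        findings.append("allowplaintext is enabled")
    return sorted(mechs & verifiable), findings

# Constructed sample configurations (not taken from the poster's system).
BEFORE = """sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN CRAM-MD5 NTLM
allowplaintext: yes
"""
AFTER = """sasl_pwcheck_method: auxprop
sasl_mech_list: CRAM-MD5 DIGEST-MD5 NTLM
allowplaintext: no
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        usable, findings = audit(text)
        print(name, "usable:", usable)
        for finding in findings:
            print("  -", finding)
```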