Please help with Cyrus vs MS Outlook over TLS/SSL
Ken Murchison
ken at oceana.com
Wed Nov 19 12:03:53 EST 2003
Ilya Basin wrote:
> Hi,
> I've spent a week trying to configure cyrus-imapd-2.1.15
> to work with MS Outlook 2000 over TLS/SSL.
> I see no way to fix it... maybe I've missed something?
>
>
> System:
>
> Slackware 9.1
> openssl-09.7c
> cyrus-imapd-cyrus-sasl-2.1.15
> cyrus-imapd-2.1.15
>
> compiled with no errors.
>
> Mozilla Messenger, PINE - checked & work fine with it over port 993
> MS Outlook -> (with the options [secure auth], work over SSL (port 993)) gives
> an error "CRAM-MD5 auth failed"
> IMAPD.log:
> ####################################################
> imapd[25702]: starttls: TLSv1 with cipher RC4-MD5(128/128 bits new) no
> authentication
> imapd[25702]: badlogin: [213.152.132.32] NTLM [SASL(-13): user not found: no
> secret in database]

What kind of authentication do you want to do? Are you only going to
allow plaintext auth mechanisms (via saslauthd), or do you want to allow
shared secret mechanisms (via an auxprop plugin like sasldb, LDAP, SQL)?

The only way you will be able to use Outlook's SPA (NTLM) is to allow
the user secrets to be stored in an auxprop backend, or to proxy the
NTLM authentication to an NT/2K server.

My suggestion is to simply not use Outlook's SPA, since the
authentication is already protected by SSL. Unchecking the SPA box
should solve your problem.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
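
A small triage script for the badlogin lines quoted in this thread, as an added example that is not part of the original message or of Cyrus itself: it separates failures where a shared-secret mechanism was attempted but the server has no secret stored for the user from ordinary authentication failures. The function names and the sample lines marked as constructed (192.0.2.x addresses) are assumptions; the first two sample lines are the ones quoted above, rejoined onto single lines.

```python
import re

# Mechanisms that need a per-user shared secret from an auxprop backend
# (sasldb, LDAP, SQL); saslauthd alone cannot satisfy them.
SHARED_SECRET_MECHS = {"CRAM-MD5", "DIGEST-MD5", "NTLM"}

# Matches the bracketed SASL badlogin form quoted in the thread; an optional
# hostname may precede the [ip]. Other badlogin forms are not handled here.
BADLOGIN = re.compile(
    r"badlogin: \S*\[(?P<ip>[^\]]+)\] (?P<mech>\S+) "
    r"\[SASL\((?P<code>-?\d+)\): (?P<reason>[^\]]*)\]"
)

SAMPLE_LOG = [
    # From the thread:
    "imapd[25702]: starttls: TLSv1 with cipher RC4-MD5(128/128 bits new) no authentication",
    "imapd[25702]: badlogin: [213.152.132.32] NTLM [SASL(-13): user not found: no secret in database]",
    # Constructed for this example:
    "imapd[25710]: badlogin: [192.0.2.7] CRAM-MD5 [SASL(-13): user not found: no secret in database]",
    "imapd[25711]: badlogin: [192.0.2.9] DIGEST-MD5 [SASL(-13): authentication failure: bad response]",
]


def triage(lines):
    """Return (ip, mech, verdict) for every SASL badlogin line."""
    findings = []
    for line in lines:
        m = BADLOGIN.search(line)
        if not m:
            continue  # starttls and other non-badlogin lines
        mech = m.group("mech").upper()
        if mech in SHARED_SECRET_MECHS and "no secret in database" in m.group("reason"):
            verdict = "no-secret-store"  # mechanism used, but no auxprop secret for the user
        else:
            verdict = "auth-failure"     # secret exists or mechanism is not shared-secret
        findings.append((m.group("ip"), mech, verdict))
    return findings


def mechs_missing_secrets(lines):
    """Mechanisms clients attempted for which the server holds no secret."""
    return sorted({mech for _, mech, v in triage(lines) if v == "no-secret-store"})


if __name__ == "__main__":
    for ip, mech, verdict in triage(SAMPLE_LOG):
        print(f"{ip:<16} {mech:<11} {verdict}")
    print("review:", ", ".join(mechs_missing_secrets(SAMPLE_LOG)))
```

Mechanisms reported under "review" are the ones to either back with an auxprop secret store or stop using on the client, which is the choice the reply above lays out.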