Thunderbird + Kerberos 5 + Cyrus SASL-and-IMAP?

[Jeff Blaine]

GSSAPI authentication from Thunderbird to Cyrus IMAP works!

You MUST:

1.  Specify a FQDN for your IMAP server in Thunderbird's
     account settings.  I was specifying an IP address.  Not
     good enough.

2.  The FQDN must resolve somehow.  For me, it was a matter
     of adding info to C:\WINDOWS\System32\drivers\etc\hosts

         192.168.168.100   noodle.foo.com

3.  Your domain, of course, must map to some Kerberos realm.
     This is done in your /etc/krb5.conf or krb5.ini for
     Windows.  Here's how mine was setup when working:

         [realms]
             JBTEST = {
                 kdc = 192.168.168.100
                 admin_server = 192.168.168.100
             }

         [domain_realm]
	    foo.com = JBTEST
	    .foo.com = JBTEST

4.  Obviously specify 'Secure Authentication' in the IMAP
     account's properties.

5.  In Thunderbird: Tools | Options | Advanced, Config editor
     set network.auth.use-sspi to false.

Jeff Blaine wrote:
> If anyone wants to assist in testing, here is the bug report
> I filed just now:
> 
> https://bugzilla.mozilla.org/show_bug.cgi?id=370178
>