Re: [Nmh-workers] Help with SASL/TLS

nmh-workers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] Help with SASL/TLS

From:	Ken Hornstein
Subject:	Re: [Nmh-workers] Help with SASL/TLS
Date:	Tue, 13 May 2014 15:21:43 -0400

>    (tls-decrypted) <= 250-AUTH GSSAPI NTLM LOGIN

Do you want to use GSSAPI (really Kerberos), NTLM, or LOGIN?

Presumably you'd know if you were doing Kerberos; if you are using
Kerberos, you'd be running kinit and _not_ be putting a password in your
.netrc.  That's failing because you don't have a Kerberos credential
cache.

If you're trying to do NTLM, then I don't know what the client-side support
for that looks like.

If you're trying to do LOGIN (which I suspect is most likely), then the
problem is that the cyrus-sasl library is picking out the mechanism to
use based on what the server is saying it prefers, which is (in order of
most preferred to least preferred) GSSAPI, then NTLM, then LOGIN.  So if
you want to force a particular mechanism, you need to add an appropriate
-saslmech option (in this case, -saslmech LOGIN).

--Ken

[Prev in Thread]

Current Thread

[Next in Thread]

[Nmh-workers] Help with SASL/TLS, Bill Wohler, 2014/05/13
- Re: [Nmh-workers] Help with SASL/TLS, Ken Hornstein <=
  - Re: [Nmh-workers] Help with SASL/TLS, Bill Wohler, 2014/05/13
    - Re: [Nmh-workers] Help with SASL/TLS, Ken Hornstein, 2014/05/13
    - Re: [Nmh-workers] Help with SASL/TLS, Lyndon Nerenberg, 2014/05/13
  - Re: [Nmh-workers] Help with SASL/TLS, Lyndon Nerenberg, 2014/05/13
    - Re: [Nmh-workers] Help with SASL/TLS, Ken Hornstein, 2014/05/13

Prev by Date: [Nmh-workers] Help with SASL/TLS
Next by Date: Re: [Nmh-workers] Help with SASL/TLS
Previous by thread: [Nmh-workers] Help with SASL/TLS
Next by thread: Re: [Nmh-workers] Help with SASL/TLS
Index(es):
- Date
- Thread