[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nmh-workers] Help with SASL/TLS
From: |
Bill Wohler |
Subject: |
Re: [Nmh-workers] Help with SASL/TLS |
Date: |
Tue, 13 May 2014 12:34:24 -0700 |
Ken Hornstein <address@hidden> wrote:
> > (tls-decrypted) <= 250-AUTH GSSAPI NTLM LOGIN
>
> Do you want to use GSSAPI (really Kerberos), NTLM, or LOGIN?
>
> Presumably you'd know if you were doing Kerberos; if you are using
> Kerberos, you'd be running kinit and _not_ be putting a password in your
> .netrc. That's failing because you don't have a Kerberos credential
> cache.
>
> If you're trying to do NTLM, then I don't know what the client-side support
> for that looks like.
>
> If you're trying to do LOGIN (which I suspect is most likely), then the
> problem is that the cyrus-sasl library is picking out the mechanism to
> use based on what the server is saying it prefers, which is (in order of
> most preferred to least preferred) GSSAPI, then NTLM, then LOGIN. So if
> you want to force a particular mechanism, you need to add an appropriate
> -saslmech option (in this case, -saslmech LOGIN).
Thank you! Adding -saslmech LOGIN worked like a charm.
That description would be a welcome addition to the currently terse
reference to -saslmech in the manual.
> --Ken
--
Bill Wohler <address@hidden> aka <address@hidden>
http://www.newt.com/wohler/
GnuPG ID:610BD9AD