search for: imap_authenticate

hi i have a strange problem with my dovecot installtion: i configured it to accept digest-md5 authentication only but for some reason mailclients (i tried mutt and thunderbird so far) want to log with PLAIN (which fails of course). authentication basically works, e.g. if i explicitly set set imap_authenticators="digest-md5 in .muttrc everything works... any idea what is going wrong? config

Good morning all, I''ve been using the imap_authenticatable plugin for about a year now without incident. All of a sudden, I tried logging in this morning and this error is showing up in the logs. Does anyone have any idea what could be causing this or how to fix it? Thanks, Pete NoMethodError (undefined method `disconnect'' for nil:NilClass):

...ap#011 secured#011 session=<session ID>#011 lip=192.168.0.65#011 rip=192.168.0.65#011 lport=143#011 rport=36543#011 resp=<hidden> auth: scram-sha-1(?,192.168.0.65,<session ID>): authzid not supported auth: Debug: client passdb out: FAIL#0111 In the following is mutt's output: imap_authenticate: Trying method scram-sha-1 SASL local ip: 192.168.0.65;36543, remote ip:192.168.0.65;143 External SSF: 128 External authentication name: myname mutt_sasl_cb_authname: getting authname for mail.mydomain.local:143 mutt_sasl_cb_authname: getting user for mail.gas.de:143 mutt_sasl_cb_pass: getting pass...

Debug log output please! I think you still miss the gssapi module for dovecot. Am 03.07.2016 um 19:42 schrieb Mark Foley: > Achim, > > This is my most recent effort. If I cannot make progress from here I'm going to give this idea a rest. > > I used easy-rsa to create a cert. Files are: > > /etc/ssl/certs/OHPRS/easyrsa/ca.crt > /etc/ssl/certs/OHPRS/easyrsa/reqs/MAIL.req

OK, let me go through exactly what you did: you: > Here's the test (I must run mutt not telnet like i mentioned earlier to > get the imap tickets). > > root at server:~# kinit achim > Password for achim at DOMAIN.LOCAL: > [I enter my password] As root on AD/DC mail.hprs.local: me: $ kinit mark Password for mark at HPRS.LOCAL: [I enter my password] you: >

Achim, This is my most recent effort. If I cannot make progress from here I'm going to give this idea a rest. I used easy-rsa to create a cert. Files are: /etc/ssl/certs/OHPRS/easyrsa/ca.crt /etc/ssl/certs/OHPRS/easyrsa/reqs/MAIL.req /etc/ssl/certs/OHPRS/easyrsa/reqs/dovecot.req /etc/ssl/certs/OHPRS/easyrsa/private/ca.key /etc/ssl/certs/OHPRS/easyrsa/private/MAIL.key

Hi Mark, I'll keep replying to the list. You must create an signed server certificate for your FQDN. ~# ./build-key-server mail.hprs.local Then point to public and privat part in your dovecot config. ssl_cert = </etc/easy-rsa/keys/reqs/mail.hprs.local.req ssl_key = </etc/easy-rsa/keys/private/mail.hprs.local.key But all that should not interfere with kerberos because you can accept

More info ... when I do MAIL=imap://mark at mail.ohprs.org/ mutt (using the domain of the registered certificate). I do not get the message "Certificate host check failed: certificate owner does not match hosthame ..." I do get the same (mutt?) edit screen shown below with the "(r)eject, accept (o)nce, (a)ccept always" action at the bottom. If I "accept (o)nce",

It's getting abit offtopic for the samba list :-) Look at the testing section in http://wiki2.dovecot.org/Authentication/Kerberos do what is mentioned below "Test that the server can access the keytab". If i run the telnet authenticated test and klist afterwards contains the imap keys. Am 01.07.2016 um 08:21 schrieb Mark Foley: > More info ... > > when I do > >

Am 01.07.2016 um 10:37 schrieb Achim Gottinger: > It's getting abit offtopic for the samba list :-) > > Look at the testing section in > http://wiki2.dovecot.org/Authentication/Kerberos do what is mentioned > below "Test that the server can access the keytab". > > If i run the telnet authenticated test and klist afterwards contains > the imap keys. >

Did a few test here "auth_gssapi_hostname = "$ALL"" is no longer required with dovecot (2.2.13 here). Add "auth_debug=yes" to your dovecor config. 192.168.100.1 is my clients ip 192.168.100.101 is the servers ag is the domain account username I use to login to windows and also the username configured in thunderbird. On my debian system an package named