[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] Help with SASL/TLS

From: Bill Wohler
Subject: Re: [Nmh-workers] Help with SASL/TLS
Date: Tue, 13 May 2014 12:34:24 -0700

Ken Hornstein <address@hidden> wrote:

> >    (tls-decrypted) <= 250-AUTH GSSAPI NTLM LOGIN
> Do you want to use GSSAPI (really Kerberos), NTLM, or LOGIN?
> Presumably you'd know if you were doing Kerberos; if you are using
> Kerberos, you'd be running kinit and _not_ be putting a password in your
> .netrc.  That's failing because you don't have a Kerberos credential
> cache.
> If you're trying to do NTLM, then I don't know what the client-side support
> for that looks like.
> If you're trying to do LOGIN (which I suspect is most likely), then the
> problem is that the cyrus-sasl library is picking out the mechanism to
> use based on what the server is saying it prefers, which is (in order of
> most preferred to least preferred) GSSAPI, then NTLM, then LOGIN.  So if
> you want to force a particular mechanism, you need to add an appropriate
> -saslmech option (in this case, -saslmech LOGIN).

Thank you! Adding -saslmech LOGIN worked like a charm.

That description would be a welcome addition to the currently terse
reference to -saslmech in the manual.

> --Ken

Bill Wohler <address@hidden> aka <address@hidden>

reply via email to

[Prev in Thread] Current Thread [Next in Thread]