https://wiki.mozilla.org/Thunderbird:Supported_authentication_methods
Is kinda outdated
- David
I'm trying to make it work on the Windows platform. Are there any special
steps I need to accomplish to make transparent authentication work, so TB
will use my current credentials?
- David
Tried false and true. I'm kinda confused about SSPI and GSSAPI in
Windows. It's always trying to use NTLM authentication. My SMTP setting
is "use name and password", while I tried to leave the user name empty and
enable the "use secure authentication" checkbox. An empty user name doesn't
work at all, and if I enter a user name there will be a log like this:
EHLO [192.168.23.1]
250-guard-01b5d2548 Hello [192.168.23.1]
250-AUTH GSSAPI NTLM
250-TURN
250-SIZE 2097152
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250 OK
AUTH NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
334
[snip]
535 5.7.3 Authentication unsuccessful
QUIT
Looks like we are missing a GUI for using current credentials.
We use current credentials by default. You should be able to make it
work by simply having no username and password.
What is missing is any kind of meaningful error reporting for GSSAPI
- there's an open bug on this, which I really must get around to
looking at at some point - I'm really waiting for my LDAP code to
land before I start thinking about SASL in Thunderbird again. There
is a debug flag you can use which will print out these errors to
stdout - unfortunately, I can't remember what it is off the top of my
head, and I'm too network challenged to be able to look it up at
present.
From the trace you've posted, however, it looks like we're failing
to initiate a GSSAPI session for your server. Do you have the correct
smtp/<hostname> principal created in your KDC? What's in your
credentials cache after a failed authentication attempt?
S.
This is a Windows 2003 DC with SMTP installed for testing purposes. I'm
using http://ldapadmin.sourceforge.net to make a connection to the DC using
GSS-API and it's working just fine.
I added Firefox 3.0.5 to my test to make sure Kerberos is actually working
with my Windows DC. I've installed the IIS web server, enabled integrated
authentication only, and set these settings:
network.negotiate-auth.delegation-uris = https://,http://
network.negotiate-auth.trusted-uris = https://,http://
Pointed FF to the IIS address and it opens pages w/o any password prompts.
EHLO [192.168.23.132]
250-guard-01b5d2548.inblock.test Hello [192.168.23.132]
250-AUTH GSSAPI NTLM
250-TURN
250-SIZE 2097152
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250 OK
AUTH GSSAPI
[snip]
500 5.5.2 Unrecognized command
Sounds like a Windows SMTP service bug?
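Added example, not part of the thread and not Thunderbird code: a small Python helper for reading SMTP traces like the two above. It reports which SASL mechanisms the server offered, which one the client tried and how the server answered, and decodes the NTLMSSP negotiate token sent with AUTH NTLM. The function names and the shortened flag names are assumptions of this example.

```python
import base64
import re
import struct

# NTLMSSP negotiate flag bits; names shortened from the MS-NLMP specification.
NTLM_FLAGS = {
    0x1: "UNICODE", 0x2: "OEM", 0x4: "REQUEST_TARGET", 0x200: "NTLM",
    0x1000: "OEM_DOMAIN_SUPPLIED", 0x2000: "OEM_WORKSTATION_SUPPLIED",
    0x8000: "ALWAYS_SIGN", 0x80000: "EXTENDED_SESSIONSECURITY",
}

def decode_ntlm_negotiate(token):
    """Decode the base64 initial response of an AUTH NTLM command."""
    stripped = token.rstrip("=")  # tokens pasted from logs often lose padding
    raw = base64.b64decode(stripped + "=" * (-len(stripped) % 4))
    if len(raw) < 16 or raw[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    msg_type, flags = struct.unpack_from("<II", raw, 8)
    names = [n for bit, n in sorted(NTLM_FLAGS.items()) if flags & bit]
    return {"type": msg_type, "flags": flags, "flag_names": names}

def analyze(trace):
    """Summarise one SMTP trace: mechanisms offered, the one tried, the outcome."""
    result = {"offered": [], "tried": None, "ntlm": None, "reply": None}
    for line in map(str.strip, trace.strip().splitlines()):
        m = re.match(r"250[- ]AUTH[ =](.+)", line, re.I)
        if m:
            result["offered"] = m.group(1).upper().split()
        elif re.match(r"AUTH\s", line, re.I):
            parts = line.split()
            result["tried"] = parts[1].upper()
            if result["tried"] == "NTLM" and len(parts) > 2:
                result["ntlm"] = decode_ntlm_negotiate(parts[2])
        elif result["tried"] and result["reply"] is None and re.match(r"[45]\d\d ", line):
            result["reply"] = line  # first error reply after the AUTH command
    return result

# The two traces from the thread, trimmed to the lines that matter.
TRACE_NTLM = """
250-AUTH GSSAPI NTLM
AUTH NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
334
535 5.7.3 Authentication unsuccessful
"""
TRACE_GSSAPI = """
250-AUTH GSSAPI NTLM
AUTH GSSAPI
500 5.5.2 Unrecognized command
"""
```

Calling analyze() on each trace shows that the server offered GSSAPI and NTLM both times. The decoded Type 1 flags (0x00088207) have neither the domain-supplied nor the workstation-supplied bit set.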