<<< Date Index >>>     <<< Thread Index >>>

Re: sasl EXTERNAL authentication by ssl certificate



Shouldn't you use "imaps://" instead of "imap://"?

On Sat, Dec 06, 2008 at 01:16:06PM +0600, mitrohin a.s. wrote:
> ehlo.
> 
> mutt unable to authenticate in cyrus-imapd by ssl certificate with
> error - "No authenticators available".
> 
> Configuration files:
> 
> # imapd.conf
> sasl_mech_list: external plain login
> 
> # .muttrc
> set ssl_starttls=yes
> set ssl_client_cert="~/.ssl/swp.pem"
> set folder="imap://mail.domain.tld/"
> set spoolfile="+INBOX"
> mailboxes "!"
> account-hook . 'unset imap_user; unset imap_pass; unset tunnel'
> account-hook imap://mail.domain.tld/ 'set imap_authenticators=EXTERNAL'
> #account-hook imap://mail.domain.tld/ 'set imap_user=swp; set 
> imap_pass=XXXXXXXX; set imap_authenticators=LOGIN'
> 
> # cyrus-imapd log messages
> Dec  6 11:52:09 bspu imap[9873]: received client certificate
> Dec  6 11:52:09 bspu imap[9873]: 
> subject=/C=RU/ST=Altai/L=Barnaul/O=BSPU/OU=people/CN=swp/emailAddress=swp@xxxxxxxxx
> Dec  6 11:52:09 bspu imap[9873]: starttls: TLSv1 with cipher AES256-SHA 
> (256/256 bits new) authenticated as swp
> 
> # mutt -v
> Mutt 1.5.18 (2008-05-17)
> Copyright (C) 1996-2008 Michael R. Elkins and others.
> Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
> Mutt is free software, and you are welcome to redistribute it
> under certain conditions; type `mutt -vv' for details.
> 
> System: FreeBSD 7.1-PRERELEASE (i386)
> ncurses: ncurses 5.6.20080503 (compiled with 5.6)
> libiconv: 1.11
> Compile options:
> -DOMAIN
> -DEBUG
> -HOMESPOOL  +USE_SETGID  +USE_DOTLOCK  +DL_STANDALONE  
> -USE_FCNTL  +USE_FLOCK   
> +USE_POP  +USE_NNTP  +USE_IMAP  -USE_SMTP  +USE_GSS  +USE_SSL_OPENSSL  
> -USE_SSL_GNUTLS  +USE_SASL  +HAVE_GETADDRINFO  
> +HAVE_REGCOMP  -USE_GNU_REGEX  +COMPRESSED  
> +HAVE_COLOR  +HAVE_START_COLOR  +HAVE_TYPEAHEAD  +HAVE_BKGDSET  
> +HAVE_CURS_SET  +HAVE_META  +HAVE_RESIZETERM  
> +CRYPT_BACKEND_CLASSIC_PGP  +CRYPT_BACKEND_CLASSIC_SMIME  
> -CRYPT_BACKEND_GPGME  
> -EXACT_ADDRESS  -SUN_ATTACHMENT  
> -ENABLE_NLS  -LOCALES_HACK  +HAVE_WC_FUNCS  +HAVE_LANGINFO_CODESET  
> +HAVE_LANGINFO_YESEXPR  
> +HAVE_ICONV  -ICONV_NONTRANS  -HAVE_LIBIDN  +HAVE_GETSID  -USE_HCACHE  
> -ISPELL
> SENDMAIL="/usr/sbin/sendmail"
> MAILPATH="/var/mail"
> PKGDATADIR="/usr/local/share/mutt"
> SYSCONFDIR="/usr/local/etc"
> EXECSHELL="/bin/sh"
> -MIXMASTER
> To contact the developers, please mail to <mutt-dev@xxxxxxxx>.
> To report a bug, please visit http://bugs.mutt.org/.
> 
> vvv.quote
> patch-1.5.0.ats.date_conditional.1
> dgc.deepif.1
> vvv.initials
> vvv.nntp
> patch-1.5.4.cd.ifdef.1
> rr.compressed
> 
> /swp