<<< Date Index >>>     <<< Thread Index >>>

Re: sasl EXTERNAL authentication by ssl certificate



On Saturday, 06 December 2008 at 13:16, mitrohin a.s. wrote:
> ehlo.
> 
> mutt unable to authenticate in cyrus-imapd by ssl certificate with
> error - "No authenticators available".
> 
> Configuration files:
> 
> # imapd.conf
> sasl_mech_list: external plain login
> 
> # .muttrc
> set ssl_starttls=yes
> set ssl_client_cert="~/.ssl/swp.pem"
> set folder="imap://mail.domain.tld/"
> set spoolfile="+INBOX"
> mailboxes "!"
> account-hook . 'unset imap_user; unset imap_pass; unset tunnel'
> account-hook imap://mail.domain.tld/ 'set imap_authenticators=EXTERNAL'
> #account-hook imap://mail.domain.tld/ 'set imap_user=swp; set 
> imap_pass=XXXXXXXX; set imap_authenticators=LOGIN'
> 
> # cyrus-imapd log messages
> Dec  6 11:52:09 bspu imap[9873]: received client certificate
> Dec  6 11:52:09 bspu imap[9873]: 
> subject=/C=RU/ST=Altai/L=Barnaul/O=BSPU/OU=people/CN=swp/emailAddress=swp@xxxxxxxxx
> Dec  6 11:52:09 bspu imap[9873]: starttls: TLSv1 with cipher AES256-SHA 
> (256/256 bits new) authenticated as swp

Works for me. Run with -d2 and examine the .muttdebug log to see if 
AUTH=EXTERNAL
is in the CAPABILITY list, and what happends after the CAPABILITY response.