Re: sasl EXTERNAL authentication by ssl certificate
On Saturday, 06 December 2008 at 13:16, mitrohin a.s. wrote:
> ehlo.
>
> mutt unable to authenticate in cyrus-imapd by ssl certificate with
> error - "No authenticators available".
>
> Configuration files:
>
> # imapd.conf
> sasl_mech_list: external plain login
>
> # .muttrc
> set ssl_starttls=yes
> set ssl_client_cert="~/.ssl/swp.pem"
> set folder="imap://mail.domain.tld/"
> set spoolfile="+INBOX"
> mailboxes "!"
> account-hook . 'unset imap_user; unset imap_pass; unset tunnel'
> account-hook imap://mail.domain.tld/ 'set imap_authenticators=EXTERNAL'
> #account-hook imap://mail.domain.tld/ 'set imap_user=swp; set
> imap_pass=XXXXXXXX; set imap_authenticators=LOGIN'
>
> # cyrus-imapd log messages
> Dec 6 11:52:09 bspu imap[9873]: received client certificate
> Dec 6 11:52:09 bspu imap[9873]:
> subject=/C=RU/ST=Altai/L=Barnaul/O=BSPU/OU=people/CN=swp/emailAddress=swp@xxxxxxxxx
> Dec 6 11:52:09 bspu imap[9873]: starttls: TLSv1 with cipher AES256-SHA
> (256/256 bits new) authenticated as swp
Works for me. Run with -d2 and examine the .muttdebug log to see if
AUTH=EXTERNAL
is in the CAPABILITY list, and what happends after the CAPABILITY response.