search

ExchangeCalendar / exchangecalendar

Exchange Calendar, Tasks, Contacts provider for Mozilla Thunderbird
GNU General Public License v3.0
677 stars 58 forks source link

kerberos #245

Open roncro opened 5 years ago

roncro commented 5 years ago

this is more a question, than an issue.

I tried to see if I can make it work with kerberos/krb5 authentication, I wasn't able to figure that out. Are there any plans for incorporating kerberos, for authentication to the exchange server?

thanks,

Ron

enzolis commented 5 years ago

Hi Ron,

short answer: Kerberos works. The long story (from https://github.com/ExchangeCalendar/exchangecalendar/issues/112 ): "Kerberos authentication works for me for years. After the TGT is acquired during login I do not need to provide a password to Thunderbird at all. It automatically gets the necessary tickets for IMAP and HTTP access, which can be verified by klist.

Did you add your domain to the network.negotiate-auth.trusted-uris key in the config editor? While this does not seem to be necessary for IMAP, it is mandatory for the calendar in my case."

Best regards, Thimo

Am 05.02.2019 um 17:41 schrieb roncro:

this is more a question, than an issue.

I tried to see if I can make it work with kerberos/krb5 authentication, I wasn't able to figure that out. Are there any plans for incorporating kerberos, for authentication to the exchange server?

thanks,

Ron

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/ExchangeCalendar/exchangecalendar/issues/245, or mute the thread https://github.com/notifications/unsubscribe-auth/ALz5mwRvEZRr4MtaQFJ1sRGBt--CUi0mks5vKbQfgaJpZM4ajnI5.

roncro commented 5 years ago

Hello Thimo,

well, thunderbird was complaining about a kerberos key not being accepted by the IMAP server. It said something like "The Kerberos/GSSAPI key was not accepted by the IMAP Server mymai.zzz.gov Please check if you are logged into the Kerberos/GSSAPI realm"

But that is just the IMAP part.

The authentication for the calender, the response I got after connecting was the server asking for a password.

(sorry about the vagueness in the .gov domain)

Ron

On Tue, Feb 5, 2019 at 12:55 PM Thimo Emmerich notifications@github.com wrote:

Hi Ron,

short answer: Kerberos works. The long story (from https://github.com/ExchangeCalendar/exchangecalendar/issues/112 ): "Kerberos authentication works for me for years. After the TGT is acquired during login I do not need to provide a password to Thunderbird at all. It automatically gets the necessary tickets for IMAP and HTTP access, which can be verified by klist.

Did you add your domain to the network.negotiate-auth.trusted-uris key in the config editor? While this does not seem to be necessary for IMAP, it is mandatory for the calendar in my case."

Best regards, Thimo

Am 05.02.2019 um 17:41 schrieb roncro:

this is more a question, than an issue.

I tried to see if I can make it work with kerberos/krb5 authentication, I wasn't able to figure that out. Are there any plans for incorporating kerberos, for authentication to the exchange server?

thanks,

Ron

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/ExchangeCalendar/exchangecalendar/issues/245, or mute the thread < https://github.com/notifications/unsubscribe-auth/ALz5mwRvEZRr4MtaQFJ1sRGBt--CUi0mks5vKbQfgaJpZM4ajnI5 .

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/ExchangeCalendar/exchangecalendar/issues/245#issuecomment-460780493, or mute the thread https://github.com/notifications/unsubscribe-auth/AtJF6P-XnLNJXbK3Qs5MlnbhE51e8p1yks5vKeG5gaJpZM4ajnI5 .