On Wed, 2014-11-05 at 17:04 +0100, Harry Schmalzbauer wrote: > Bezüglich Jan Behrend's Nachricht vom 05.11.2014 17:01 (localtime): > > On Wed, 2014-11-05 at 16:52 +0100, Harry Schmalzbauer wrote: > >> Bezüglich Hans Morten Kind's Nachricht vom 05.11.2014 16:48 (localtime): > >>> On Wed, Nov 05, 2014 at 04:22:12PM +0100, Harry Schmalzbauer wrote: > >>>> as soon as I set "disable_plaintext_auth = yes", AUTH=GSSAPI vanishes > >>>> from capabilities. > >>> Try setting login_trusted_networks to something you trust. > > root@mailbox1:/etc/dovecot/conf.d# doveconf auth_mechanisms > > auth_mechanisms = plain login gssapi > > root@mailbox1:/etc/dovecot/conf.d# doveconf disable_plaintext_auth > > disable_plaintext_auth = yes > > root@mailbox1:/etc/dovecot/conf.d# doveconf login_trusted_networks > > login_trusted_networks = > > > > > > a CAPABILITY > > * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE > > AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI > > You don't see LOGINDISABLED, so I guess rip==lip (you tested > @localhost), right?
No, but I didn't show all of it ;-). Here it is: jbehrend@jb1:~$ gnutls-cli --starttls --x509cafile /etc/ssl/certs/Max-Planck-Gesellschaft.pem -p 143 imap.mpifr-bonn.mpg.de Processed 1 CA certificate(s). Resolving 'imap.mpifr-bonn.mpg.de'... Connecting to '134.104.18.77:143'... - Simple Client Mode: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready. a starttls a OK Begin TLS negotiation now. *** Starting TLS handshake - Ephemeral Diffie-Hellman parameters - Using prime: 1024 bits - Secret key: 1023 bits - Peer's public key: 1023 bits - Certificate type: X.509 - Got a certificate list of 1 certificates. - Certificate[0] info: - subject `C=DE,ST=Nordrhein-Westfalen,L=Bonn,O=Max-Planck-Gesellschaft,OU=Max-Planck-Institut fuer Radioastronomie,CN=imap.mpifr-bonn.mpg.de', issuer `C=DE,O=Max-Planck-Gesellschaft,CN=MPG CA,EMAIL=mpg...@mpg.de', RSA key 4096 bits, signed using RSA-SHA1, activated `2014-05-06 11:17:21 UTC', expires `2019-05-05 11:17:21 UTC', SHA-1 fingerprint `c0b4fb497ac212f0e05de24f2c097a0b712435cc' - The hostname in the certificate matches 'imap.mpifr-bonn.mpg.de'. - Peer's certificate is trusted - Version: TLS1.2 - Key Exchange: DHE-RSA - Cipher: AES-128-CBC - MAC: SHA1 - Compression: NULL a CAPABILITY * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI a OK Pre-login capabilities listed, post-login capabilities have more. Cheers Jan -- MAX-PLANCK-INSTITUT fuer Radioastronomie Jan Behrend - Rechenzentrum ---------------------------------------- Auf dem Huegel 69, D-53121 Bonn Tel: +49 (228) 525 359, Fax: +49 (228) 525 229 jbehr...@mpifr-bonn.mpg.de http://www.mpifr-bonn.mpg.de
smime.p7s
Description: S/MIME cryptographic signature