Ilya Basin wrote:

Hi,
I've spent a week trying to configure cyrus-imapd-2.1.15
to work with MS Outlook 2000 over TLS/SSL.
I see no way to fix it... maybe I've missed something?


System:


Slackware 9.1
openssl-09.7c
cyrus-imapd-cyrus-sasl-2.1.15 cyrus-imapd-2.1.15


compiled with no errors.

Mozilla Messenger, PINE - checked & work fine with it over port 993
MS Outlook -> (with the options [secure auth], work over SSL (port 993)) gives an error "CRAM-MD5 auth failed"
IMAPD.log:
####################################################
imapd[25702]: starttls: TLSv1 with cipher RC4-MD5(128/128 bits new) no authentication
imapd[25702]: badlogin: [213.152.132.32] NTLM [SASL(-13): user not found: no secret in database]

What kind of authentication do you want to do? Are you only going to allow plaintext auth mechanisms (via saslauthd), or do you want to allow shared secret mechanisms (via an auxprop plugin like sasldb, LDAP, SQL)?


The only way you will be able to use Outlook's SPA (NTLM) is to allow the user secrets to be stored in an auxprop backend, or to proxy the NTLM authentication to an NT/2K server.

My suggestion is to simply not use Outlook's SPA, since the authentication is already protected by SSL. Unchecking the SPA box should solve your problem.

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
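
The diagnosis in the reply above, as an added example that is not part of the original thread: a Python sketch that correlates `starttls` and `badlogin` lines by imapd PID, in the log format quoted in the question, and flags shared-secret mechanisms that failed because no auxprop secret exists. The function name, the mechanism set and the third sample log line are assumptions constructed for illustration.

```python
import re

# Mechanisms that need a per-user shared secret in an auxprop backend
# (sasldb, LDAP, SQL); saslauthd can only verify plaintext passwords.
SHARED_SECRET_MECHS = {"NTLM", "CRAM-MD5", "DIGEST-MD5"}

TLS_RE = re.compile(r"imapd\[(\d+)\]: starttls: (\S+) with cipher ([^\s(]+)")
BAD_RE = re.compile(
    r"imapd\[(\d+)\]: badlogin: (?:\S+ )?\[([^\]]+)\] (\S+) "
    r"\[SASL\((-?\d+)\): (.*)\]"
)

def triage(lines):
    """Return one finding per badlogin line, joined to TLS state by PID."""
    tls = {}       # pid -> (protocol, cipher) for sessions that negotiated TLS
    findings = []
    for line in lines:
        m = TLS_RE.search(line)
        if m:
            tls[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = BAD_RE.search(line)
        if not m:
            continue
        pid, client, mech, code, msg = m.groups()
        missing = (mech.upper() in SHARED_SECRET_MECHS
                   and "no secret in database" in msg)
        findings.append({
            "pid": pid, "client": client, "mech": mech,
            "sasl_code": int(code), "tls": pid in tls,
            "missing_secret": missing,
            # A plaintext mechanism is only a safe fallback when the
            # session was already encrypted, as in the reply's advice.
            "plaintext_ok": missing and pid in tls,
        })
    return findings

# First two lines are from the thread; the third is constructed (no TLS).
SAMPLE = [
    "imapd[25702]: starttls: TLSv1 with cipher RC4-MD5(128/128 bits new) no authentication",
    "imapd[25702]: badlogin: [213.152.132.32] NTLM [SASL(-13): user not found: no secret in database]",
    "imapd[25710]: badlogin: [192.0.2.10] CRAM-MD5 [SASL(-13): user not found: no secret in database]",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
```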


