On Wednesday 19 November 2003 20:03, Ken Murchison wrote: I'd like to disable plaintext auth at all. I've changed the conf as you suggested to auxprop and t start to work FINE. THANK YOU som much. I shame of myself.....
> Ilya Basin wrote: > > Hi, > > I've spent a week trying to configure cyrus-imapd-2.1.15 > > to work with MS Outlook 2000 over TLS/SSL. > > I see no way to fix it... maybe I've missed something? > > > > > > System: > > > > Slackware 9.1 > > openssl-09.7c > > cyrus-imapd-cyrus-sasl-2.1.15 > > cyrus-imapd-2.1.15 > > > > compiled with no errors. > > > > Mozilla Messanger, PINE - checked & work fine with it over port 993 > > MS Oultook -> (with the options [secure auth], work over SSL (port 993)) > > gives an error "CRAM-MD5 auth failed" > > IMAPD.log: > > #################################################### > > imapd[25702]: starttls: TLSv1 with cipher RC4-MD5(128/128 bits new) no > > authentication > > imapd[25702]: badlogin: [213.152.132.32] NTLM [SASL(-13): user not found: > > no secret in database] > > What kind of authentication do you want to do? Are you only going to > allow plaintext auth mechanisms (via saslauthd), or do you want to allow > shared secret mechanisms (via an auxprop plugin like sasldb, LDAP, SQL)? > > The only way you will be able to use Outlook's SPA (NTLM) is to allow > the user secrets to be stored in an auxprop backend, or to proxy the > NTLM authentication to an NT/2K server. > > My suggestion is to simply not use Outlook's SPA, since the > authentication is already protected by SSL. Unchecking the SPA box > should solve your problem.