Hi all,
I've already addressed this with some of the Thunderbird
developers and was directed here as it is believed it's
a configuration problem, not a Thunderbird problem.
ERROR: Server does not support secure authentication (rephrased
error message from Thunderbird dialog).
More details on above error found via debugging settings:
10800[20cf170]: gss_init_sec_context() failed:
Unspecified GSS failure. Minor code may provide
more information
Server not found in Kerberos database
10800[20cf170]: leaving nsAuthGSSAPI::GetNextToken
[rv=80004005]
And finally note that the KDC I would like to authenticate to
(ourkdc.company.org) never logs a single thing related to this
Thunderbird auth attempt.
Client Environment
==================
1. Thunderbird 1.5.0.12
network.auth.use-sspi = false
2. Kerberos for Windows 3.2
3. C:\WINDOWS\krb5.ini contains:
[libdefaults]
default_realm = MYREALM.COMPANY.ORG
[domain_realm]
.company.org = MYREALM.COMPANY.ORG
company.org = MYREALM.COMPANY.ORG
[realms]
MYREALM.COMPANY.ORG = {
kdc = ourkdc.company.org
admin_server = ourkdc.company.org
}
5. Credentials for [EMAIL PROTECTED] are obtained
just fine.
6. This client is ALSO part of a Windows domain that I have
no control over. That Windows domain (kerberos-wise) is
"COMPANY.ORG" and when Kerberos for Windows starts the
credentials for [EMAIL PROTECTED] are imported.
KDC Environment (ourkdc.company.org)
====================================
1. MIT Kerberos 1.6.2
2. imap/mailsrv1.company.org exists in KDC and is in the
keytab file on mailsrv1.company.org
3. host/mailsrv1.company.org exists in KDC and is in the
keytab file on mailsrv1.company.org
Mail Server Environment
=======================
1. Cyrus IMAP 2 + Cyrus SASL 2
2. imtest with GSSAPI works fine when I have credentials for
[EMAIL PROTECTED]
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
