On Wed, 2014-11-05 at 17:04 +0100, Harry Schmalzbauer wrote:
Bezüglich Jan Behrend's Nachricht vom 05.11.2014 17:01 (localtime):
On Wed, 2014-11-05 at 16:52 +0100, Harry Schmalzbauer wrote:
Bezüglich Hans Morten Kind's Nachricht vom 05.11.2014 16:48 (localtime):
On Wed, Nov 05, 2014 at 04:22:12PM +0100, Harry Schmalzbauer wrote:
as soon as I set "disable_plaintext_auth = yes", AUTH=GSSAPI vanishes from capabilities. Try setting login_trusted_networks to something you trust. root@mailbox1:/etc/dovecot/conf.d# doveconf auth_mechanisms auth_mechanisms = plain login gssapi root@mailbox1:/etc/dovecot/conf.d# doveconf disable_plaintext_auth disable_plaintext_auth = yes root@mailbox1:/etc/dovecot/conf.d# doveconf login_trusted_networks login_trusted_networks =
a CAPABILITY
- CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI
You don't see LOGINDISABLED, so I guess rip==lip (you tested @localhost), right?
No, but I didn't show all of it ;-). Here it is:
jbehrend@jb1:~$ gnutls-cli --starttls --x509cafile /etc/ssl/certs/Max-Planck-Gesellschaft.pem -p 143 imap.mpifr-bonn.mpg.de Processed 1 CA certificate(s). Resolving 'imap.mpifr-bonn.mpg.de'... Connecting to '134.104.18.77:143'...
- Simple Client Mode:
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready. a starttls a OK Begin TLS negotiation now. *** Starting TLS handshake
- Ephemeral Diffie-Hellman parameters
- Using prime: 1024 bits
- Secret key: 1023 bits
- Peer's public key: 1023 bits
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject
C=DE,ST=Nordrhein-Westfalen,L=Bonn,O=Max-Planck-Gesellschaft,OU=Max-Planck-Institut fuer Radioastronomie,CN=imap.mpifr-bonn.mpg.de', issuerC=DE,O=Max-Planck-Gesellschaft,CN=MPG CA,EMAIL=mpg-ca@mpg.de', RSA key 4096 bits, signed using RSA-SHA1, activated2014-05-06 11:17:21 UTC', expires2019-05-05 11:17:21 UTC', SHA-1 fingerprint `c0b4fb497ac212f0e05de24f2c097a0b712435cc' - The hostname in the certificate matches 'imap.mpifr-bonn.mpg.de'.
- Peer's certificate is trusted
- Version: TLS1.2
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL a CAPABILITY
- CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI a OK Pre-login capabilities listed, post-login capabilities have more.
Cheers Jan
-- MAX-PLANCK-INSTITUT fuer Radioastronomie Jan Behrend - Rechenzentrum
Auf dem Huegel 69, D-53121 Bonn
Tel: +49 (228) 525 359, Fax: +49 (228) 525 229
jbehrend@mpifr-bonn.mpg.de http://www.mpifr-bonn.mpg.de