Hi Daniel, To begin with, my sincere apologies for not being able to reply earlier!
> i have a functioning KRB5 domain with a GSSAPI-enabled (via SASL) IMAP > server (cyrus). Other GSSAPI-capable MUAs (e.g. mutt) are capable of > using a krb5 credentials cache to connect properly to their mailbox > without additional authentication. i'd like to set up /usr/bin/mail > to do this as well, if that's possible. Although the works to implement it are in progress, bin/mail in its current state is not able to handle SASL authentication. For the time being the best solution is probably to use GNU Anubis as a mail processor. This program is able to get plaintext SMTP connections and to connect to the remote SMTP using a wide variety of authentication schemes supported by gnutls. You will find more information about it, including links to the documentation and downloads on its home page: http://www.gnu.org/software/anubis I plan to finish adding GSSAPI support to bin/mail as soon as possible. > i see that mail has a --tls=BOOL option for connecting with > TLS-capable servers. What i can't tell is how the TLS certificates > are verified. Without proper certificate validation, TLS connections > are vulnerable to man-in-the-middle attacks from an active attacker > (one who can intercept and modify traffic). This and another point mentioned by you (forcing mail to use TLS) are very important features indeed. > If mailutils isn't capable of these distinctions, are they desired > features? Sure, they are. It would be great if you could help us implement them. Regards, Sergey _______________________________________________ Bug-mailutils mailing list [email protected] http://lists.gnu.org/mailman/listinfo/bug-mailutils
