On Mon, Aug 06, 2007 at 02:24:02PM -0400, Jeff Blaine wrote: > Ken was right. Removing sasl_minimum_layer from imapd.conf > solved the problem... sadly. > > Maybe someone else will find my write-up next time: > > http://www.kickflop.net/blog/2007/08/06/thunderbird-kerberos-for-windows-and-cyrus-imap/
I would recommend also configuring Thunderbird to use TLS, ie. in addition to checking "use secure authentication", check "Use secure connection: TLS". The server will have to support TLS of course. This will protect Kerberos authenticated Thunderbird sessions from session hijacking in the absence of SASL security layers. It's too bad that much software doesn't bother implementing security layers, thus forcing you to run TLS too (ie. another heavyweight security layer with it's attendant certificate management burden). Another popular IMAP server, UW imapd, also doesn't support SASL security layers. --Shumon. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
