Page 1 of 1
Outlook secure authentication
Posted: Mon Jan 09, 2006 9:05 pm
by sbullet0810
Does the community version support secure exchange of passwords in using Outlook as an IMAP client? I saw some posts that seem to indicate it does, but SPA doesn't work and I can see the userid and password with tcpdump.
Posted: Mon Jan 09, 2006 9:17 pm
by ScalixSupport
SPA isn't supported but the IMAP server will handle SASL authentication provided that the client is capable of it. This is usually PLAIN, LOGIN or MD5.
Cheers
Dave
Posted: Tue Jan 10, 2006 9:05 am
by sbullet0810
Ok, I guess Outlook must only support plain. Do you guys know?
I tried Thunderbird and it negotiates cram-md5 and the userid and password are encrypted. I also see the scalix IMAP server state the capabilities at the start of the protocol conversation. I just wasn't sure if Outlook didn't support secure credentials without SPA or if I wasn't configuring the client properly.
Thanks
Posted: Tue Jan 10, 2006 2:39 pm
by kali
I think you can do exactly what you are trying to do.
If you make a link to libntlm.so (which resides in /usr/lib/sasl2) in /opt/scalix/lib/security, then "NTLM" will be offered with is MS SPA, and using that check box will work.
Cheers