Re: Suddenly unable to log into Exchange IMAP account
- From: Pawel Salek <pawsa0 gmail com>
- To: Simon Brown <simon cliffestones demon co uk>
- Cc: balsa-list gnome org
- Subject: Re: Suddenly unable to log into Exchange IMAP account
- Date: Wed, 01 Apr 2009 22:45:41 +0200
On 04/01/2009 10:32:24 PM, Simon Brown wrote:
On 01/04/09 20:58:31, Pawel Salek wrote:
> If you like, you can remove imap_auth_plain from
>
> static ImapAuthenticator imap_authenticators_arr[] = {
> imap_auth_anonymous, /* will be tried only if enabled */
> imap_auth_gssapi,
> imap_auth_cram,
> imap_auth_plain,
> imap_auth_login, /* login is deprecated */
> NULL
>;
>
> in libbalsa/imap/imap-auth.c and see what happens.
It successfully authenticates using LOGIN.
Now if I understand correctly using PLAIN and LOGIN isn't great, NTLM
also isn't great as it's a closed standard. GSSAPI doesn't seem to
work
either but is supported in some way by both Exchange and Balsa. How
much work is required to bridge that gap? Or would I be buying a
ticket
to a kicking?
Well, it's not all that bad. That's correct that PLAIN and LOGIN use
essentially unencrypted passwords over the net. You have however
protected the session with TLS encryption, and you should be perfectly
safe as long as you verify the certificate. This is how I use balsa
most. Other safe mode is GSSAPI but it stopped working for me since my
university migrated from Cyrus IMAP to Exchange. I never had time and
patience to debug the problem...
NTLM is formally a challenge-response type of authentication but the
actual design is flawed and easy to break. CRAM-MD5 is also a challenge
response type of authentication. There is also SKEY which is a kind of
one-time password. I have yet to see a server supporting it. One can in
principle authenticate IMAP using client SSL certificates - but we
haven't got that implemented in balsa yet. It would fairly
straightforward, though.
Pawel
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]