Results 1 to 7 of 7

Thread: Does Zimbra support IMAP Secure Authentication?

  1. #1
    zzzzsg is offline Senior Member
    Join Date
    Nov 2005
    Posts
    73
    Rep Power
    9

    Default Does Zimbra support IMAP Secure Authentication?

    Hi All

    When I select "Use secure authentication" in my IMAP server settings in Thunderbird, I get this error "You cannot log in to myimapserver.domain.com because you have enabled secure authentication and this server does not support it. " (see attached screenshots).

    My question - does Zimbra support IMAP Secure Authentication?
    Is there anything I should do on the Zimbra server?
    Everything seems working in Zimbra - nothing in zimbra.log.
    All services running - including saslauthd (although I don't know if this is related to Secure authentication).

    I am using Zimbra 3.1 on Fedora 4.
    "Use SSL connection" in Thunderbird works, but "Use secure authentication" does not.
    I've also enabled both "Use SSL" and "Use secure authentication" at the same time, but it still gave the same error message.

    From my understanding, Thunderbird IMAP server settting "Use secure authentication" means that the client and server negotiate whether they want to use CRAM-MD5, MD5-digest or Kerberos to authenticate the user without sending the password across the network.
    Now, does Zimbra support this? Can somebody advise?

    Thank you very much in anticipation.

    gui
    Attached Images Attached Images
    Last edited by zzzzsg; 05-16-2006 at 09:33 AM.

  2. #2
    KevinH's Avatar
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    18

    Default

    Try using just SSL for IMPA. Make sure in the Admin UI you have SSL enabled for IMAP.
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

  3. #3
    zzzzsg is offline Senior Member
    Join Date
    Nov 2005
    Posts
    73
    Rep Power
    9

    Default

    Hi Kevin

    I've tried that before and it worked, but that is not what we want.
    We don't want the entire IMAP to be SSL.
    Only want Secure Authentication.

    Thanks.

    gui


    Quote Originally Posted by KevinH
    Try using just SSL for IMPA. Make sure in the Admin UI you have SSL enabled for IMAP.

  4. #4
    KevinH's Avatar
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    18

    Default

    Ok then that would be an enhancement request. I don't think we support that today.
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

  5. #5
    awtohost is offline Intermediate Member
    Join Date
    Mar 2009
    Posts
    15
    Rep Power
    6

    Default

    While on the subject zimbra does not support encrypted mails
    like PGP or anyother format

  6. #6
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Quote Originally Posted by awtohost View Post
    While on the subject zimbra does not support encrypted mails
    like PGP or anyother format
    Search bugzilla for 'pgp'.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    Rich Graves is offline Outstanding Member
    Join Date
    Jan 2007
    Location
    Minnesota
    Posts
    717
    Rep Power
    9

    Default

    In the 3 years since the original post, Zimbra has added kerberos. Configuration is complex, but big kerberos shops are used to that.

    The md5 challenge/response mechanisms require the server to store a cleartext or cleartext-equivalent password, which is generally considered undesirable. Recent null-byte and rekeying news notwithstanding, SSL3/TLS is better... and best is kerberos, client certs, or one-time passwords over TLS.

    As for PGP, I'd say that Zimbra is 100% in sync with PGP's security model, which is that user keyrings should never be stored on servers (neither pubring nor secring). Keys should live on your single-user workstation. You can use an IMAP client, or possibly a browser plugin like FireGPG.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Zimbra shutdowns every n hours.
    By Andrewb in forum Administrators
    Replies: 13
    Last Post: 08-14-2007, 08:55 AM
  2. upgrade woes -made into new thread
    By JustinHarlow in forum Installation
    Replies: 18
    Last Post: 06-08-2007, 12:11 PM
  3. zimbra-core missing
    By kinaole in forum Developers
    Replies: 1
    Last Post: 10-02-2006, 11:59 AM
  4. Zimbra Processor Output
    By UltraFlux in forum Installation
    Replies: 3
    Last Post: 02-01-2006, 08:23 AM
  5. FC3 Install and no zimbra ?
    By aws in forum Installation
    Replies: 10
    Last Post: 10-09-2005, 04:19 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •