Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » secure IMAP problems
  •  
jwozniak

Messages: 6
Karma: 0
Send a private message to this user
Hello,

We upgraded our KMS to 6.4.0, but still have problem with logging to KMS from MS Outlook with the newset Kerio plugin. When using plain IMAP (port 143) everything works fine. But when in the mail account settings in Outlook we change protocol to use secure connection (IMAPS, port 993) users cannot log in. The server log file (/opt/kerio/mailserver/store/logs/security.log) says: 'Failed IMAP login from xxx.xxx.xxx.xxx, authentication method DIGEST-MD5'.
Some additional info:
- KMS runs on RHEL 5
- IMAPS works when using Mozilla Thunderbird, but we dicsovered that Thunderbird uses PLAIN method. So we don't know if DIGEST-MD5 would work with Thunderbird
- login and password in outlook are OK, because switching from IMAPS to IMAP makes the problem disappear
- In KMS Advanced Options->Security Policy all authentication method are checked, including DIGEST-MD5
- in users.cfg all the password are stored with SHA.DE3 method

What can we do to trace the problem source and use secure IMAP connections?

Best regards,
Jacek Wozniak
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Since user passwords are stored in irreversible (SHA) format, Digest-MD5 and Cram-MD5 authentication method cannot be used (it requires the server must know plaintext password).
I'm recommending disabling both authentication methods. Outlook will use LOGIN or PLAIN authentication method then and successfully authenticate the user.
  •  
jwozniak

Messages: 6
Karma: 0
Send a private message to this user
Thank you for the answer. I disabled digest and cram, but outlook clients still tried to use digest. So eventually we reconfigured Outlook clients to use IMAP instead of IMAPS. That forced using PLAIN method.

I think it would be better if all the user passwords were stored in reversible format, allowing Digest or Cram authentication. I examined users.cfg file and it seems that passwords in our installation are stored in 3 different formats:
- SHA.DE3
- DE3
- D3S

Could you please tell me what is the difference between those methods and which one of them are reversible?

Again, thanks for the help.
Jacek Wozniak
Previous Topic: Cannot send from the Kerio account
Next Topic: KMS 6.4 on SuSE 9.1
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Nov 18 02:12:33 CET 2017

Total time taken to generate the page: 0.00431 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.