Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Kerio master password and imapsync
  •  
PhoenixUA

Messages: 3
Karma: 0
Send a private message to this user
Can I use imapsync with Kerio master password feature?
What the login for master password?
  •  
  •  
PhoenixUA

Messages: 3
Karma: 0
Send a private message to this user
Why and how this product works with master password?:
en.help.mailstore.com/Archiving_Emails_from_Kerio_Connect#Ar chiving_Multiple_Mailboxes_in_One_Step
What is "User Name: (Kerio Master)"?
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Mailstore contains a support for this special type of authentication.
  •  
PhoenixUA

Messages: 3
Karma: 0
Send a private message to this user
Does the information about this special type of auth confidential and only for money?
  •  
vandry

Messages: 1
Karma: 0
Send a private message to this user
Hi PhoenixUA,

This thread hasn't seen activity in more than a year, but perhaps you are still interested in the answer.

I needed the same information myself and I have been having trouble getting it from Kerio support. But I was able to reverse engineer the solution, so here it is.

Kerio master authentication uses a different command than normal authentication. imapsync expects to use the normal IMAP login command "LOGIN" in order to log in, so it would have to be modified to support the special proprietary command required for this protocol. I haven't looked at imapsync source code, but my guess is that it shouldn't be too hard. Scripts using most available IMAP support libraries (such as Python's "imaplib" ought to be able to support this with some customization.

The protocol goes as follows:

After connecting to the Kerio server from an IP address that is permitted in the master authentication whitelist, issue the X-MASTERAUTH command.

* OK Kerio Connect 7.3.1 patch 2 IMAP4rev1 server ready
tag1 X-MASTERAUTH


The server will respond with a challenge:

+ <numbers.morenumbers@hostname>


Your script/application must concatenate the challenge as an ASCII string (including the angle brackets) together with the correct master authentication password as another ASCII string, with no separator in between; hash the resulting string with MD5; and produce the MD5 output as a hexadecimal string. Send this hexadecimal digest as-is, followed by CR+LF.

If the challenge were the fake one I listed above as an example and the master password were "foo", you would send:

9cac5cd7db8d7130d432095e67912671


You should get a succesful response. Now you must use the command "X-SETUSER" to "become" the desired user:

tag1 OK X-MASTERAUTH Welcome to server, master
tag2 X-SETUSER somebody
tag2 OK X-SETUSER completed


At this point, the IMAP session operates exactly as if you had logged in normally as user "somebody".
Previous Topic: Webmail printing
Next Topic: Updater Service requires admin Account
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Nov 22 16:04:30 CET 2017

Total time taken to generate the page: 0.00413 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.