User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.8 Build Identifier: 0.7.1 (20040626) If you configure Thunderbird to do authenticated SMTP or LDAP, you can specify the login or bind DN respectively, but you'll be prompted for your password. In my testing so far (Mac OS X), this password dialog seems to come up with every outgoing email or query respectively. (I've heard second-hand from another user (Windows) that said after the first prompt it did cache it for a while, but then asked again later.) At many organizations like mine, the login and password for all services is the same. Some other *cough* email clients provide a checkbox option to allow the POP3/IMAP (incoming) password that the user has already typed to be used for other services like SMTP and LDAP. Having this option in Thunderbird would make it a lot more user-friendly. Users do not want to have to type a password for each email they send or address they look up. Reproducible: Always Steps to Reproduce:
one of these should work: 402 // if true, we'll use the password from an incoming server with 403 // matching username and domain 404 pref("mail.smtp.useMatchingDomainServer", false); 405 406 // if true, we'll use the password from an incoming server with 407 // matching username and host name 408 pref("mail.smtp.useMatchingHostNameServer", false);
Thanks for the quick response. It looked like just the thing for SMTP. I found my ~/Library/ Thunderbird/Profiles/default.kxt/prefs.js file and added: pref("mail.smtp.useMatchingDomainServer", true); pref("mail.smtp.useMatchingHostNameServer", true); in lexical order with the other mail.smtp* ones; no go, it still asked me for my password during outgoing SMTP. I then tried: pref("mail.smtpserver.smtp1.useMatchingDomainServer", true); pref("mail.smtpserver.smtp1.useMatchingHostNameServer", true); because I noticed that's where most of the other settings are; that didn't work either. Is there something else I need to do to make this effective? My IMAP server is e.g. imap.example.net and my SMTP server is smtp.example.net (same domain, different 3rd-level). (Also, my RFE is asking for the same behavior for LDAP.)
> I've heard second-hand from another user (Windows) that said after the first > prompt it did cache it for a while, but then asked again later. It's cached for the rest of the session. And if you check "Remember" in the password dialoge it's saved in the password manager for each session. That's at least what it should do - if it doesn't in your case, something is wrong.
-> Core:MailNews:LDAP Integration
Assignee: mscott → sspitzer
Component: General → MailNews: LDAP Integration
Product: Thunderbird → Core
QA Contact: grylchan
Version: unspecified → Trunk
I just wanted to comment on this briefly. Where I work, I am required to use a SecurID number (changes every minute) appended to my IMAP/SMTP password. So "Use Password Manager" to save is not a viable solution, sadly. Unfortunately, while I am prompted for my IMAP password only when TB starts, I am prompted for my SMTP password when I send an email and haven't been authenticated in an hour. If TB could have a setting like Entourage (gak!) does which says to use the same password for SMTP as was used for IMAP, I would be spared this horrible punishment. :) Please please please add this for me?! I will pay cash dollars! Ones, even FIVES, of dollars!! :) :)hal mahaffey firstname.lastname@example.org
Will these options be configurable from the GUI at some point?
This is an automated message, with ID "auto-resolve01". This bug has had no comments for a long time. Statistically, we have found that bug reports that have not been confirmed by a second user after three months are highly unlikely to be the source of a fix to the code. While your input is very important to us, our resources are limited and so we are asking for your help in focussing our efforts. If you can still reproduce this problem in the latest version of the product (see below for how to obtain a copy) or, for feature requests, if it's not present in the latest version and you still believe we should implement it, please visit the URL of this bug (given at the top of this mail) and add a comment to that effect, giving more reproduction information if you have it. If it is not a problem any longer, you need take no action. If this bug is not changed in any way in the next two weeks, it will be automatically resolved. Thank you for your help in this matter. The latest beta releases can be obtained from: Firefox: http://www.mozilla.org/projects/firefox/ Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html Seamonkey: http://www.mozilla.org/projects/seamonkey/
Summarising the status of this bug: It is possible: - to use the POP-password as SMTP-password (comment 1) It is not possible: - to configure this option via GUI (comment 6) - to apply this option only to single accounts (so I believe) - to have this for IMAP (comment 2, if I understand correctly) - using this option with LDAP (comment 2) Is this it?
it works for imap in the same way that it works for pop3 - if you've authenticated against the incoming server with the same host name or domain, depending on how you set your prefs, we'll try that password for the smtp server.
David is correct; I have now tested this with Thunderbird 1.0.6 (Mac OS X) and now adding the two lines mentioned in comment 1 are working for me with IMAP. Thanks. So as far as I'm concerned, this bug should be changed from UNCONFIRMED to something that indicates "RFE". My RFE is that I feel these options need to be in the GUI or they will not be useful to the average user. Other email clients have checkboxes in the account settings for this purpose. My question about the same functionality (using the user-entered login+password) for LDAP is still outstanding... is there a prefs.js setting for that also? (And to be clear, my request is outside of the password manager functionality; we want the user to enter their password once per Thunderbird launch, not have it cached for another day, for better security.)
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: RFE: Option to use POP3/IMAP password for SMTP and LDAP → RFE: Expose UI for Option to use POP3/IMAP password for SMTP and LDAP
sorry, there's no option for LDAP. LDAP plays pretty far away from the sandbox that the rest of mail&news runs in. Dan would know if it would be possible to do this...
Is the option - as it is impmlemented now - configurable for single accounts? Or just globally? I believe it should be possible to configure the behaviour for each account on its own.
it's configurable per smtp server
I think the right way to fix this with LDAP would be to add a .walletRealm preference to LDAP addressbooks. Then whenever the LDAP addrbook code was going to ask wallet to put up an auth prompter, it would first check that pref, and if it was set, it would use that URI as the realm to ask wallet for the password for instead of the URI that normally defines the addressbook.
(In reply to comment #10) > (And to be clear, my request is outside of the password manager functionality; > we want the user to enter their password once per Thunderbird launch, not have > it cached for another day, for better security.) As far as LDAP is concerned it tries to keep the password sitting unencrypted in memory for as short a time as possible. Implementing the caching as you suggest would defeat that. Setting a master password on the password manager, however, should achieve what you want: it'll force the user to type in a password every time they start Thunderbird, and it will cause the passwords to be kept around on disk encrypted.
sorry for the spam. making bugzilla reflect reality as I'm not working on these bugs. filter on FOOBARCHEESE to remove these in bulk.
Assignee: sspitzer → nobody
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.