Bug 515371
Opened 15 years ago
Updated 2 years ago
make new autoconfig verify logon of password-less accounts (e.g., GSSAPI)
Categories
(Thunderbird :: Account Manager, defect, P3)
Tracking
(Not tracked)
NEW
People
(Reporter: Bienvenu, Unassigned)
References
Details
(Whiteboard: [no l10n impact])
The new autoconfig code doesn't call verifyLogon if the user doesn't specify a password. GSSAPI auth doesn't require a password, so we should figure out a way of allowing empty passwords and verifying that the user can log on - perhaps we can check for the gssapi capability for imap/pop and remember it. There may be other cert-based authentication mechanisms, but GSSAPI is the most popular one, afaik.
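The capability check suggested in the description, as an added example that is not part of the bug report and not Thunderbird's autoconfig code. All function names and the sample server replies are hypothetical; it assumes IMAP advertises SASL mechanisms as `AUTH=` atoms, POP3 lists them on the `SASL` line of its `CAPA` reply, and treats the `EXTERNAL` mechanism as the client-certificate case.

```javascript
// Added example: hypothetical helpers, not Thunderbird's autoconfig code.
// SASL mechanisms that authenticate without a user-typed password:
// GSSAPI (Kerberos ticket) and EXTERNAL (e.g. TLS client certificate).
const PASSWORDLESS_MECHS = new Set(["GSSAPI", "EXTERNAL"]);

// IMAP advertises mechanisms as AUTH=<mech> atoms, either in an untagged
// "* CAPABILITY ..." line or in a "[CAPABILITY ...]" response code.
function imapSaslMechanisms(response) {
  const mechs = new Set();
  for (const line of response.split(/\r?\n/)) {
    const m = /^\* CAPABILITY (.*)$/i.exec(line) ||
              /^\* (?:OK|PREAUTH) \[CAPABILITY ([^\]]*)\]/i.exec(line);
    if (!m) continue;
    for (const atom of m[1].trim().split(/\s+/)) {
      if (/^AUTH=/i.test(atom)) mechs.add(atom.slice(5).toUpperCase());
    }
  }
  return mechs;
}

// POP3 lists them on the "SASL <mech> <mech> ..." line of the CAPA reply.
function pop3SaslMechanisms(response) {
  const mechs = new Set();
  const lines = response.split(/\r?\n/);
  if (!/^\+OK/i.test(lines[0])) return mechs; // CAPA not supported
  for (const line of lines.slice(1)) {
    if (line === ".") break; // end of the multi-line reply
    const parts = line.trim().split(/\s+/);
    if (parts[0].toUpperCase() === "SASL") {
      parts.slice(1).forEach(p => mechs.add(p.toUpperCase()));
    }
  }
  return mechs;
}

// Decide whether logon can be verified, and with which mechanism.
function planVerification(password, mechs) {
  if (password) return { verify: true, mechanism: "password" };
  const usable = [...mechs].filter(m => PASSWORDLESS_MECHS.has(m));
  return usable.length
    ? { verify: true, mechanism: usable[0] }
    : { verify: false, mechanism: null };
}

// Constructed sample server replies.
const IMAP_SAMPLE = "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=GSSAPI AUTH=PLAIN] ready\r\n";
const POP3_SAMPLE = "+OK Capability list follows\r\nTOP\r\nSASL PLAIN EXTERNAL\r\nUIDL\r\n.\r\n";
const IMAP_PLAIN_ONLY = "* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\na1 OK done\r\n";
```

With an empty password, only the first two sample servers yield a verification attempt; the plain-only server leaves nothing to verify with.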
Comment 1•15 years ago
I think I'll probably be the one doing the work on this. :) Did we want it to block rc1? Thanks, Blake.
Assignee: nobody → bwinton
Status: NEW → ASSIGNED
Comment 2•15 years ago (Reporter)
If it's not too hard to do, I think it should block rc1. I'd at least block rc1 on making sure autoconfig can be used to set up gssapi servers, and I will try that at some point in the near future.
Flags: blocking-thunderbird3+
Comment 3•15 years ago
Cert auth might also work without password. Gozer, how much work would it be to set up a server which does auth based on the cert only and extracts the login from the email embedded in the cert?
Comment 4•15 years ago
(In reply to comment #3)
> Cert auth might also work without password. Gozer, how much work would it be to
> set up a server which does auth based on the cert only and extracts the login
> from the email embedded in the cert?

My favorite IMAP server, Cyrus, doesn't seem to know how to do that, but it looks like Dovecot can do it. I'd think it wouldn't be too difficult to set up. How soon would this be wanted?
Comment 5•15 years ago (Reporter)
The next week or two would be fine - sometime relatively early in the rc1 dev cycle.
Comment 6•15 years ago
I've now got Courier on imaps://mail-test.mozillamessaging.com:995/ running with client-cert authentication supported. If you already have a MoMo client cert, it should work.
Updated•15 years ago
Whiteboard: [no l10n impact]
Updated•15 years ago
Priority: -- → P3
Comment 7•15 years ago
(In reply to comment #2)
> If it's not too hard to do, I think it should block rc1. I'd at least block rc1
> on making sure autoconfig can be used to set up gssapi servers, and I will try
> that at some point in the near future.

So, I tested this with a MoMo client cert against mail-test.mozillamessaging.com, and it seemed to work just fine. I'm going to see what I can do to check for passwordless servers, and attempt to verify the username/login, although since I don't think we would report an error (in case they just didn't want to put in their password, for some other reason), I'm not entirely sure what I'll do on success or failure. Still, let's burn that bridge when I get to it.
Comment 8•15 years ago (Reporter)
Taking off the blocker list - it doesn't sound bad. We'd definitely still take a fix, if there are some quick safe improvements.
Flags: wanted-thunderbird3+
Flags: blocking-thunderbird3-
Flags: blocking-thunderbird3+
Updated•15 years ago
OS: Windows NT → All
Hardware: x86 → All
Target Milestone: Thunderbird 3.0rc1 → ---
Comment 9•10 years ago
I'm not really working on these, so I'm freeing them up for a community member to take. (Filter on [ossifrage] to delete all the notifications.)
Assignee: bwinton → nobody
Status: ASSIGNED → NEW
Updated•2 years ago
Severity: normal → S3