Ticket #317 (closed defect: fixed)

Opened 12 years ago

Last modified 12 years ago

All mail clients must use SSL and the appropriate authentication method when using Hesiod

Reported by: jdreed Owned by:
Priority: blocker Milestone: Fall 2009 Release
Component: -- Keywords:
Cc: Fixed in version:
Upstream bug:

Description

Because no one bothered to test hesiod before assuming it would work, we broke the world.

We should default Pine, Evolution and other clients to using SSL, and that will ensure that both krb4 PO servers and imap.exchange work.

And we should test things this time :-)

Change History

comment:1 Changed 12 years ago by rbasch

It looks like we lose here with mitmailutils, because the Perl interface to the Cyrus imclient library does not seem to support SSL. These scripts would currently not be very useful anyway for Exchange users, since password authentication is required, but we should investigate the alternatives, for when the Exchange server supports GSSAPI.

comment:2 Changed 12 years ago by broder

  • Owner set to broder
  • Status changed from new to accepted

Fix committed for alpine in r23931, but I can't build it at the moment because the Squeeze apt repository is broken. I'll try again later.

comment:3 Changed 12 years ago by broder

  • Status changed from accepted to assigned
  • Owner broder deleted

Err...I don't actually want this whole thing to be assigned to me.

comment:4 Changed 12 years ago by broder

alpine is now using SSL.
thunderbird has always used SSL.

mutt seems to hang on the authentication step if I configure it to use SSL (by changing imap:// to imaps:// in debian/debathena-mutt-folder), and then segfault later.

Somebody still needs to patch Evolution - I don't know it well enough to know what needs to be done.

comment:5 Changed 12 years ago by rbasch

Our evolution wrapper is already configuring the IMAP account to use SSL. But it is always setting it for KERBEROS_V4 authentication (unless the installed package does not support krb4), which fails on Exchange, of course. Also, the wrapper does not take into account that the (previous) IMAP server URI is probably included in ~/.evolution/mail/config/folder-tree-expand-state.xml, in the <selected> folder element, and evolution will try to connect to that URI. So, when we are changing the server for the account, we need to either edit or remove the file (removing it might be safer, but then the user loses the previous state).

The wrapper also needs to be able to handle the case where imap.exchange is the old server; currently it handles only po*.mit.edu when replacing the server name in the account config.

comment:6 Changed 12 years ago by rbasch

  • Summary changed from All mail clients must use SSL when using Hesiod to All mail clients must use SSL and the appropriate authentication method when using Hesiod

Addressed for the evolution wrapper in r23955, now in -proposed. In addition to handling an IMAP.EXCHANGE POBOX setting, it will use the appropriate authentication method for the server, and update folder-tree-expand-state.xml when the server changes.

comment:7 Changed 12 years ago by broder

  • Status changed from assigned to proposed

I've updated mutt-config in r23959 and uploaded it to -proposed.

I think that leaves mitmailutils as the only mail client that won't do SSL, but we also have mitmailutils universally bail against EXCHANGE to begin with, so it's not actively broken behavior, just useless.

If we want to start looking into how we adapt mitmailutils, I think we should do it in a separate task, so I'll plan to close this one once evolution-wrapper and mutt-config make it into production.

comment:8 Changed 12 years ago by broder

mutt-config is now in production.

geofft is going to test evolution-wrapper tomorrow.

comment:9 Changed 12 years ago by geofft

  • Status changed from proposed to closed
  • Resolution set to fixed

I finally tested evolution-wrapper on a non-Exchange and an Exchange account; it works, so I moved it to production.

Note: See TracTickets for help on using tickets.