Re: Re: coolkey and evolution

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Here's the problem.  The way our OWA servers are configured, they require a client to provide a certificate to connect to them.  It's on our smart cards.  Web browsers like Firefox, SeaMonkey, Internet Explorer, and Safari can be configured to provide that certificate from a smart card.  Email clients like Evolution and Entourage don't know how to do that.  They know how to sign and encrypt/decrypt email messages using the certificates and keys on the smart card, but not how to provide the client certificate on an SSL connection.

- David

----- Original Message -----
From: "John H." 
To: "David Mueller" 
Subject: Re:  Re: coolkey and evolution
Date: Tue, 16 Oct 2007 21:37:37 -0500


Does this tell you anything?
Although coolkey works with evolution to get certs off card and show
up in "certificates,"  the 401 error I get below is the same error I
get with firefox when the card is not even in the reader.

I'd use thunderbird if it supported OWA, which it doesn't, so...

(evolution:20207): e-data-server-ui-WARNING **: Key file does not have
key 'exchange:__domain\first.last@https:__webmail.foo.bar.gov_'
GET  HTTP/1.1
E2k-Debug: 0xb793be70 @ 1192518115
Host: webmail.foo.bar.gov
Accept-Language: en-US, en
Authorization: NTLM
TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA
User-Agent: Evolution/1.10.3.1

401 Unauthorized ( The server requires authorization to fulfill the
request. Access to the Web server is denied. Contact the server
administrator.  )
E2k-Debug: 0xb793be70 @ 1192518121
Pragma: no-cache
Connection: close
Cache-Control: no-cache
Content-Length: 1825
Content-Type: text/html

GET  HTTP/1.1
E2k-Debug: 0xb793bed8 @ 1192518123
Host: webmail.foo.bar.gov
Accept-Language: en-US, en
User-Agent: Evolution/1.10.3.1

401 Unauthorized ( The server requires authorization to fulfill the
request. Access to the Web server is denied. Contact the server
administrator.  )
E2k-Debug: 0xb793bed8 @ 1192518128
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 1825
Content-Type: text/html


On 10/16/07, David Mueller  wrote:
> I'm inclined to agree with the assessment that Evolution doesn't 
> understand SSL client authentication.  I haven't tried with 
> Evolution (when I can't get it to properly select a cert off the 
> card for signing and encrypting messages for a regular IMAP/SMTP 
> server, it wasn't worth my time to continue further when 
> Thunderbird works great), but I have also had to deal with an OWA 
> server that requires both a client certificate and 
> username/password.  I tried it with Microsoft Entourage 2004, 
> which also uses OWA to communicate with an Exchange server, and 
> it didn't work there, either.
>
> - David
>
> ----- Original Message -----
> From: "Timothy J. Miller"
> To: "John H."
> Subject: Re:  Re: coolkey and evolution
> Date: Mon, 15 Oct 2007 08:05:52 -0500
>
>
>
> On Oct 14, 2007, at 11:07 PM, John H. wrote:
>
> > The problem is, I am not sure if it's being used or not.  In firefox,
> > I go to https://webmail.foo.bar.gov and it prompts me for my pin via
> > coolkey, then user/password, then I check my OWA account.
>
> Am I to assume from this that your OWA deployment is not accepting
> PKI authentication?  If so, then you're not really gaining anything
>   with the smartcard.
>
> > I have OWA access set up in Evolution and use it for a regular OWA
> > account, however, I wanted to use this .gov account, but when I tell
> > evolution to authenticate and give it the correct user/pass, it says
> > invalid username/password.  Is this evolution that is at fault or
> > coolkey?  Why would it work in firefox?
>
> Likely because Evolution doesn't understand SSL client
> authentication.  At all.  Even with IMAPS, so far as I can tell.
>
> If it's working in FF but not in Evolution that's a pretty solid
> indication that the problem is Evolution.
>
> -- Tim
> << smime.p7s >>
>
> _______________________________________________
> Coolkey-devel mailing list
> Coolkey-devel@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/coolkey-devel
>
>
> --
> Want an e-mail address like mine?
> Get a free e-mail account today at www.mail.com!
>
>
> _______________________________________________
> Coolkey-devel mailing list
> Coolkey-devel@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/coolkey-devel
>


-- 
Want an e-mail address like mine?
Get a free e-mail account today at www.mail.com!


_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux