I've looked for an OWA with SSL client support -> Thunderbird proxy before with no luck. The closest I've found is the webmail extensions for Thunderbird: http://webmail.mozdev.org/ You get SSL client (smartcard) support for free since it is part of Thunderbird, and the POP and IMAP server is already written. I understand the OWA protocols are similar to the ones for Hotmail, but I haven't had any time to work on it. Neil John H. wrote: > I've been informed that evolution will support this in 2.22. > > For now, does anyone know of a working OWA gateway I can use with > thunderbird, which seems to have support for what you are talking > about? > > On 10/17/07, David Mueller <dsm42@xxxxxxxxx> wrote: >> Here's the problem. The way our OWA servers are configured, they require a client to provide a certificate to connect to them. It's on our smart cards. Web browsers like Firefox, SeaMonkey, Internet Explorer, and Safari can be configured to provide that certificate from a smart card. Email clients like Evolution and Entourage don't know how to do that. They know how to sign and encrypt/decrypt email messages using the certificates and keys on the smart card, but not how to provide the client certificate on an SSL connection. >> >> - David >> >> ----- Original Message ----- >> From: "John H." >> To: "David Mueller" >> Subject: Re: Re: coolkey and evolution >> Date: Tue, 16 Oct 2007 21:37:37 -0500 >> >> >> Does this tell you anything? >> Although coolkey works with evolution to get certs off card and show >> up in "certificates," the 401 error I get below is the same error I >> get with firefox when the card is not even in the reader. >> >> I'd use thunderbird if it supported OWA, which it doesn't, so... >> >> (evolution:20207): e-data-server-ui-WARNING **: Key file does not have >> key 'exchange:__domain\first.last@https:__webmail.foo.bar.gov_' >> GET HTTP/1.1 >> E2k-Debug: 0xb793be70 @ 1192518115 >> Host: webmail.foo.bar.gov >> Accept-Language: en-US, en >> Authorization: NTLM >> TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA >> User-Agent: Evolution/1.10.3.1 >> >> 401 Unauthorized ( The server requires authorization to fulfill the >> request. Access to the Web server is denied. Contact the server >> administrator. ) >> E2k-Debug: 0xb793be70 @ 1192518121 >> Pragma: no-cache >> Connection: close >> Cache-Control: no-cache >> Content-Length: 1825 >> Content-Type: text/html >> >> GET HTTP/1.1 >> E2k-Debug: 0xb793bed8 @ 1192518123 >> Host: webmail.foo.bar.gov >> Accept-Language: en-US, en >> User-Agent: Evolution/1.10.3.1 >> >> 401 Unauthorized ( The server requires authorization to fulfill the >> request. Access to the Web server is denied. Contact the server >> administrator. ) >> E2k-Debug: 0xb793bed8 @ 1192518128 >> Pragma: no-cache >> Cache-Control: no-cache >> Content-Length: 1825 >> Content-Type: text/html >> >> >> On 10/16/07, David Mueller wrote: >>> I'm inclined to agree with the assessment that Evolution doesn't >>> understand SSL client authentication. I haven't tried with >>> Evolution (when I can't get it to properly select a cert off the >>> card for signing and encrypting messages for a regular IMAP/SMTP >>> server, it wasn't worth my time to continue further when >>> Thunderbird works great), but I have also had to deal with an OWA >>> server that requires both a client certificate and >>> username/password. I tried it with Microsoft Entourage 2004, >>> which also uses OWA to communicate with an Exchange server, and >>> it didn't work there, either. >>> >>> - David >>> >>> ----- Original Message ----- >>> From: "Timothy J. Miller" >>> To: "John H." >>> Subject: Re: Re: coolkey and evolution >>> Date: Mon, 15 Oct 2007 08:05:52 -0500 >>> >>> >>> >>> On Oct 14, 2007, at 11:07 PM, John H. wrote: >>> >>>> The problem is, I am not sure if it's being used or not. In firefox, >>>> I go to https://webmail.foo.bar.gov and it prompts me for my pin via >>>> coolkey, then user/password, then I check my OWA account. >>> Am I to assume from this that your OWA deployment is not accepting >>> PKI authentication? If so, then you're not really gaining anything >>> with the smartcard. >>> >>>> I have OWA access set up in Evolution and use it for a regular OWA >>>> account, however, I wanted to use this .gov account, but when I tell >>>> evolution to authenticate and give it the correct user/pass, it says >>>> invalid username/password. Is this evolution that is at fault or >>>> coolkey? Why would it work in firefox? >>> Likely because Evolution doesn't understand SSL client >>> authentication. At all. Even with IMAPS, so far as I can tell. >>> >>> If it's working in FF but not in Evolution that's a pretty solid >>> indication that the problem is Evolution. >>> >>> -- Tim >>> << smime.p7s >> >>> >>> _______________________________________________ >>> Coolkey-devel mailing list >>> Coolkey-devel@xxxxxxxxxx >>> https://www.redhat.com/mailman/listinfo/coolkey-devel >>> >>> >>> -- >>> Want an e-mail address like mine? >>> Get a free e-mail account today at www.mail.com! >>> >>> >>> _______________________________________________ >>> Coolkey-devel mailing list >>> Coolkey-devel@xxxxxxxxxx >>> https://www.redhat.com/mailman/listinfo/coolkey-devel >>> >> >> -- >> Want an e-mail address like mine? >> Get a free e-mail account today at www.mail.com! >> >> >> _______________________________________________ >> Coolkey-devel mailing list >> Coolkey-devel@xxxxxxxxxx >> https://www.redhat.com/mailman/listinfo/coolkey-devel >> > > _______________________________________________ > Coolkey-devel mailing list > Coolkey-devel@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/coolkey-devel _______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel
