Re: Re: coolkey and evolution

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I've looked for an OWA with SSL client support -> Thunderbird proxy
before with no luck.  The closest I've found is the webmail extensions
for Thunderbird:

http://webmail.mozdev.org/

You get SSL client (smartcard) support for free since it is part of
Thunderbird, and the POP and IMAP server is already written.  I
understand the OWA protocols are similar to the ones for Hotmail, but I
haven't had any time to work on it.

Neil

John H. wrote:
> I've been informed that evolution will support this in 2.22.
> 
> For now, does anyone know of a working OWA gateway I can use with
> thunderbird, which seems to have support for what you are talking
> about?
> 
> On 10/17/07, David Mueller <dsm42@xxxxxxxxx> wrote:
>> Here's the problem.  The way our OWA servers are configured, they require a client to provide a certificate to connect to them.  It's on our smart cards.  Web browsers like Firefox, SeaMonkey, Internet Explorer, and Safari can be configured to provide that certificate from a smart card.  Email clients like Evolution and Entourage don't know how to do that.  They know how to sign and encrypt/decrypt email messages using the certificates and keys on the smart card, but not how to provide the client certificate on an SSL connection.
>>
>> - David
>>
>> ----- Original Message -----
>> From: "John H."
>> To: "David Mueller"
>> Subject: Re:  Re: coolkey and evolution
>> Date: Tue, 16 Oct 2007 21:37:37 -0500
>>
>>
>> Does this tell you anything?
>> Although coolkey works with evolution to get certs off card and show
>> up in "certificates,"  the 401 error I get below is the same error I
>> get with firefox when the card is not even in the reader.
>>
>> I'd use thunderbird if it supported OWA, which it doesn't, so...
>>
>> (evolution:20207): e-data-server-ui-WARNING **: Key file does not have
>> key 'exchange:__domain\first.last@https:__webmail.foo.bar.gov_'
>> GET  HTTP/1.1
>> E2k-Debug: 0xb793be70 @ 1192518115
>> Host: webmail.foo.bar.gov
>> Accept-Language: en-US, en
>> Authorization: NTLM
>> TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA
>> User-Agent: Evolution/1.10.3.1
>>
>> 401 Unauthorized ( The server requires authorization to fulfill the
>> request. Access to the Web server is denied. Contact the server
>> administrator.  )
>> E2k-Debug: 0xb793be70 @ 1192518121
>> Pragma: no-cache
>> Connection: close
>> Cache-Control: no-cache
>> Content-Length: 1825
>> Content-Type: text/html
>>
>> GET  HTTP/1.1
>> E2k-Debug: 0xb793bed8 @ 1192518123
>> Host: webmail.foo.bar.gov
>> Accept-Language: en-US, en
>> User-Agent: Evolution/1.10.3.1
>>
>> 401 Unauthorized ( The server requires authorization to fulfill the
>> request. Access to the Web server is denied. Contact the server
>> administrator.  )
>> E2k-Debug: 0xb793bed8 @ 1192518128
>> Pragma: no-cache
>> Cache-Control: no-cache
>> Content-Length: 1825
>> Content-Type: text/html
>>
>>
>> On 10/16/07, David Mueller  wrote:
>>> I'm inclined to agree with the assessment that Evolution doesn't
>>> understand SSL client authentication.  I haven't tried with
>>> Evolution (when I can't get it to properly select a cert off the
>>> card for signing and encrypting messages for a regular IMAP/SMTP
>>> server, it wasn't worth my time to continue further when
>>> Thunderbird works great), but I have also had to deal with an OWA
>>> server that requires both a client certificate and
>>> username/password.  I tried it with Microsoft Entourage 2004,
>>> which also uses OWA to communicate with an Exchange server, and
>>> it didn't work there, either.
>>>
>>> - David
>>>
>>> ----- Original Message -----
>>> From: "Timothy J. Miller"
>>> To: "John H."
>>> Subject: Re:  Re: coolkey and evolution
>>> Date: Mon, 15 Oct 2007 08:05:52 -0500
>>>
>>>
>>>
>>> On Oct 14, 2007, at 11:07 PM, John H. wrote:
>>>
>>>> The problem is, I am not sure if it's being used or not.  In firefox,
>>>> I go to https://webmail.foo.bar.gov and it prompts me for my pin via
>>>> coolkey, then user/password, then I check my OWA account.
>>> Am I to assume from this that your OWA deployment is not accepting
>>> PKI authentication?  If so, then you're not really gaining anything
>>>   with the smartcard.
>>>
>>>> I have OWA access set up in Evolution and use it for a regular OWA
>>>> account, however, I wanted to use this .gov account, but when I tell
>>>> evolution to authenticate and give it the correct user/pass, it says
>>>> invalid username/password.  Is this evolution that is at fault or
>>>> coolkey?  Why would it work in firefox?
>>> Likely because Evolution doesn't understand SSL client
>>> authentication.  At all.  Even with IMAPS, so far as I can tell.
>>>
>>> If it's working in FF but not in Evolution that's a pretty solid
>>> indication that the problem is Evolution.
>>>
>>> -- Tim
>>> << smime.p7s >>
>>>
>>> _______________________________________________
>>> Coolkey-devel mailing list
>>> Coolkey-devel@xxxxxxxxxx
>>> https://www.redhat.com/mailman/listinfo/coolkey-devel
>>>
>>>
>>> --
>>> Want an e-mail address like mine?
>>> Get a free e-mail account today at www.mail.com!
>>>
>>>
>>> _______________________________________________
>>> Coolkey-devel mailing list
>>> Coolkey-devel@xxxxxxxxxx
>>> https://www.redhat.com/mailman/listinfo/coolkey-devel
>>>
>>
>> --
>> Want an e-mail address like mine?
>> Get a free e-mail account today at www.mail.com!
>>
>>
>> _______________________________________________
>> Coolkey-devel mailing list
>> Coolkey-devel@xxxxxxxxxx
>> https://www.redhat.com/mailman/listinfo/coolkey-devel
>>
> 
> _______________________________________________
> Coolkey-devel mailing list
> Coolkey-devel@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/coolkey-devel

_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux