Another thing that would be at least better than what I have now is using coolkey or something with IE in linux through wine. Has anyone done this? I would at least get OWA premium if I did so. I use ies4linux which allows me to use IE, can I somehow get it to use coolkey or something so it can access my card? On 10/18/07, John H. <mistamaila@xxxxxxxxx> wrote: > Thanks, but from what I read about webmail.mozdev.org, it only has > those supported domains that you can use. > > It looks like I may have to wait for evolution 2.22 which will have > smartcard and ssl auth support. > > On 10/18/07, Neil M. <nabber00@xxxxxxxxx> wrote: > > I've looked for an OWA with SSL client support -> Thunderbird proxy > > before with no luck. The closest I've found is the webmail extensions > > for Thunderbird: > > > > http://webmail.mozdev.org/ > > > > You get SSL client (smartcard) support for free since it is part of > > Thunderbird, and the POP and IMAP server is already written. I > > understand the OWA protocols are similar to the ones for Hotmail, but I > > haven't had any time to work on it. > > > > Neil > > > > John H. wrote: > > > I've been informed that evolution will support this in 2.22. > > > > > > For now, does anyone know of a working OWA gateway I can use with > > > thunderbird, which seems to have support for what you are talking > > > about? > > > > > > On 10/17/07, David Mueller <dsm42@xxxxxxxxx> wrote: > > >> Here's the problem. The way our OWA servers are configured, they require a client to provide a certificate to connect to them. It's on our smart cards. Web browsers like Firefox, SeaMonkey, Internet Explorer, and Safari can be configured to provide that certificate from a smart card. Email clients like Evolution and Entourage don't know how to do that. They know how to sign and encrypt/decrypt email messages using the certificates and keys on the smart card, but not how to provide the client certificate on an SSL connection. > > >> > > >> - David > > >> > > >> ----- Original Message ----- > > >> From: "John H." > > >> To: "David Mueller" > > >> Subject: Re: Re: coolkey and evolution > > >> Date: Tue, 16 Oct 2007 21:37:37 -0500 > > >> > > >> > > >> Does this tell you anything? > > >> Although coolkey works with evolution to get certs off card and show > > >> up in "certificates," the 401 error I get below is the same error I > > >> get with firefox when the card is not even in the reader. > > >> > > >> I'd use thunderbird if it supported OWA, which it doesn't, so... > > >> > > >> (evolution:20207): e-data-server-ui-WARNING **: Key file does not have > > >> key 'exchange:__domain\first.last@https:__webmail.foo.bar.gov_' > > >> GET HTTP/1.1 > > >> E2k-Debug: 0xb793be70 @ 1192518115 > > >> Host: webmail.foo.bar.gov > > >> Accept-Language: en-US, en > > >> Authorization: NTLM > > >> TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA > > >> User-Agent: Evolution/1.10.3.1 > > >> > > >> 401 Unauthorized ( The server requires authorization to fulfill the > > >> request. Access to the Web server is denied. Contact the server > > >> administrator. ) > > >> E2k-Debug: 0xb793be70 @ 1192518121 > > >> Pragma: no-cache > > >> Connection: close > > >> Cache-Control: no-cache > > >> Content-Length: 1825 > > >> Content-Type: text/html > > >> > > >> GET HTTP/1.1 > > >> E2k-Debug: 0xb793bed8 @ 1192518123 > > >> Host: webmail.foo.bar.gov > > >> Accept-Language: en-US, en > > >> User-Agent: Evolution/1.10.3.1 > > >> > > >> 401 Unauthorized ( The server requires authorization to fulfill the > > >> request. Access to the Web server is denied. Contact the server > > >> administrator. ) > > >> E2k-Debug: 0xb793bed8 @ 1192518128 > > >> Pragma: no-cache > > >> Cache-Control: no-cache > > >> Content-Length: 1825 > > >> Content-Type: text/html > > >> > > >> > > >> On 10/16/07, David Mueller wrote: > > >>> I'm inclined to agree with the assessment that Evolution doesn't > > >>> understand SSL client authentication. I haven't tried with > > >>> Evolution (when I can't get it to properly select a cert off the > > >>> card for signing and encrypting messages for a regular IMAP/SMTP > > >>> server, it wasn't worth my time to continue further when > > >>> Thunderbird works great), but I have also had to deal with an OWA > > >>> server that requires both a client certificate and > > >>> username/password. I tried it with Microsoft Entourage 2004, > > >>> which also uses OWA to communicate with an Exchange server, and > > >>> it didn't work there, either. > > >>> > > >>> - David > > >>> > > >>> ----- Original Message ----- > > >>> From: "Timothy J. Miller" > > >>> To: "John H." > > >>> Subject: Re: Re: coolkey and evolution > > >>> Date: Mon, 15 Oct 2007 08:05:52 -0500 > > >>> > > >>> > > >>> > > >>> On Oct 14, 2007, at 11:07 PM, John H. wrote: > > >>> > > >>>> The problem is, I am not sure if it's being used or not. In firefox, > > >>>> I go to https://webmail.foo.bar.gov and it prompts me for my pin via > > >>>> coolkey, then user/password, then I check my OWA account. > > >>> Am I to assume from this that your OWA deployment is not accepting > > >>> PKI authentication? If so, then you're not really gaining anything > > >>> with the smartcard. > > >>> > > >>>> I have OWA access set up in Evolution and use it for a regular OWA > > >>>> account, however, I wanted to use this .gov account, but when I tell > > >>>> evolution to authenticate and give it the correct user/pass, it says > > >>>> invalid username/password. Is this evolution that is at fault or > > >>>> coolkey? Why would it work in firefox? > > >>> Likely because Evolution doesn't understand SSL client > > >>> authentication. At all. Even with IMAPS, so far as I can tell. > > >>> > > >>> If it's working in FF but not in Evolution that's a pretty solid > > >>> indication that the problem is Evolution. > > >>> > > >>> -- Tim > > >>> << smime.p7s >> > > >>> > > >>> _______________________________________________ > > >>> Coolkey-devel mailing list > > >>> Coolkey-devel@xxxxxxxxxx > > >>> https://www.redhat.com/mailman/listinfo/coolkey-devel > > >>> > > >>> > > >>> -- > > >>> Want an e-mail address like mine? > > >>> Get a free e-mail account today at www.mail.com! > > >>> > > >>> > > >>> _______________________________________________ > > >>> Coolkey-devel mailing list > > >>> Coolkey-devel@xxxxxxxxxx > > >>> https://www.redhat.com/mailman/listinfo/coolkey-devel > > >>> > > >> > > >> -- > > >> Want an e-mail address like mine? > > >> Get a free e-mail account today at www.mail.com! > > >> > > >> > > >> _______________________________________________ > > >> Coolkey-devel mailing list > > >> Coolkey-devel@xxxxxxxxxx > > >> https://www.redhat.com/mailman/listinfo/coolkey-devel > > >> > > > > > > _______________________________________________ > > > Coolkey-devel mailing list > > > Coolkey-devel@xxxxxxxxxx > > > https://www.redhat.com/mailman/listinfo/coolkey-devel > > > > _______________________________________________ > > Coolkey-devel mailing list > > Coolkey-devel@xxxxxxxxxx > > https://www.redhat.com/mailman/listinfo/coolkey-devel > > > _______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel
