Mailing List CGatePro@mail.stalker.com Message #93732
From: Andy Kunkle <akunkle@aimengr.com>
Subject: RE: Does anyone have Keberos working with WebMail?
Date: Wed, 16 Jan 2008 15:33:16 -0500
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: CommuniGate Pro MAPI Connector 1.51.14.1/1.51.14.1

Hey Wayne,

 

I have it working here. You are referring to accessing it through the http://mail.domain.com:8100/login link, right?

 

The trick is the formatting of the data file using the ktpass utility. Since you have Kerberos working with IMAP I’m assuming you have some experience with this.

 

Here’s my ktpass line that works:

 

ktpass -princ HTTP/mail.domain.com@DOMAIN.COM -mapuser cgatehttp@domain.com -pass xxxxxxx -out httpadc.data -crypto RC4-HMAC-NT -ptype KRB5_NT_SRV_HST -TrustEncryp RC4

                                                               

*** To get this to work you also have to change a setting on the web interface of CommuniGate. Go to Settings > Services > HTTPU > Check "Advertise NTLM Auth" and "Advertise Negotiate Auth" **

 

Make sure the user (in my example it’s cgatehttp) exists on your domain controller, and adhere to the capitalization in HTTP.

 

I also created one for HTTPS as well:

 

ktpass -princ HTTPS/mail.domain.com@DOMAIN.COM -mapuser cgatehttps@domain.com -pass xxxxxxx -out httpsadc.data -crypto RC4-HMAC-NT -ptype KRB5_NT_SRV_HST -TrustEncryp RC4

 

*** To get this to work, same thing… you need to go to Settings > Services > HTTPU > Check "Advertise NTLM Auth" and "Advertise Negotiate Auth" **

 

The crypto was the other part that was giving me problems. I found that a program that comes with the Windows Resource Kit really helped. It’s called kerbtray.exe. If you run that on your domain controller and then click on the tab for “Encryption types” it will show you ticket encryption and key encryption. Whatever yours says, the ktpass command needs to use the same kind… for me it was RSADSI RC4-HMAC so that’s what I had to do…

 

Good luck!

 

Andy Kunkle
IT Manager
AIM Engineering & Surveying, Inc.
5300 Lee Blvd
Lehigh Acres, FL 33971
239-332-4569

 

From: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com] On Behalf Of Johnston, Wayne
Sent: Tuesday, January 15, 2008 4:30 PM
To: CommuniGate Pro Discussions
Subject: Does anyone have Keberos working with WebMail?

 

I'm still trying to get the HTTP Kerberos working. I have the IMAP working, and it's great. I am limited to Kerberos instead of running LDAPAuth because of my operating system limitations. Well, I don't have the cash to get a compiler just for that. But, anyway. I'm looking for suggestions.

 

Thank you

 

Wayne Johnston
Director, Information Services
Ripon Medical Center
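
Added example, not part of either message above and not CommuniGate or Microsoft code: a small Python check that lists the principal, key version and encryption type stored in a key file before it is imported, so the capitalization of HTTP and the crypto type can be compared with what the domain controller issues. It assumes the file written by ktpass -out uses the standard keytab layout, version 0x0502; the function names are hypothetical and the sample bytes are constructed.

```python
import struct

# Kerberos enctype numbers; 23 (rc4-hmac) is what the ktpass lines above request.
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

def _counted(buf, pos):               # big-endian uint16 length, then that many bytes
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_keytab(buf):
    """Return [(principal, kvno, enctype_name)] from a version 0x0502 keytab."""
    if buf[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(buf):
        (size,) = struct.unpack_from(">i", buf, pos)
        pos += 4
        if size <= 0:                 # negative size marks a deleted slot; skip it
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", buf, pos)
        realm, p = _counted(buf, pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(buf, p)
            comps.append(comp.decode())
        p += 8                        # skip name type and timestamp (4 bytes each)
        kvno, etype = struct.unpack_from(">BH", buf, p)   # 8-bit kvno, key type
        _key, p = _counted(buf, p + 3)
        if end - p >= 4:              # optional 32-bit kvno overrides when nonzero
            kvno = struct.unpack_from(">I", buf, p)[0] or kvno
        name = "/".join(comps) + "@" + realm.decode()
        entries.append((name, kvno, ENCTYPES.get(etype, "etype-%d" % etype)))
        pos = end
    return entries

def has_key(buf, principal, enctype):
    """True if the keytab holds a key for principal with the given enctype name."""
    return any(n == principal and e == enctype for n, _, e in parse_keytab(buf))

def sample_keytab():
    """Constructed sample: HTTP/mail.domain.com@DOMAIN.COM, kvno 3, zeroed key."""
    cnt = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 2) + cnt(b"DOMAIN.COM") + cnt(b"HTTP")
            + cnt(b"mail.domain.com") + struct.pack(">II", 3, 0) + bytes([3])
            + struct.pack(">H", 23) + cnt(bytes(16)))
    return b"\x05\x02" + struct.pack(">i", len(body)) + body
```

For a real file, pass open("httpadc.data", "rb").read() to parse_keytab; the principal comparison in has_key is case-sensitive, so a lowercase http/ service name does not match.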

 
