Ken Hornstein <kenh(_at_)pobox(_dot_)com> wrote:
(tls-decrypted) <= 250-AUTH GSSAPI NTLM LOGIN
Do you want to use GSSAPI (really Kerberos), NTLM, or LOGIN?
Presumably you'd know if you were doing Kerberos; if you are using
Kerberos, you'd be running kinit and _not_ be putting a password in your
.netrc. That's failing because you don't have a Kerberos credential
cache.
If you're trying to do NTLM, then I don't know what the client-side support
for that looks like.
If you're trying to do LOGIN (which I suspect is most likely), then the
problem is that the cyrus-sasl library is picking out the mechanism to
use based on what the server is saying it prefers, which is (in order of
most preferred to least preferred) GSSAPI, then NTLM, then LOGIN. So if
you want to force a particular mechanism, you need to add an appropriate
-saslmech option (in this case, -saslmech LOGIN).
Thank you! Adding -saslmech LOGIN worked like a charm.
That description would be a welcome addition to the currently terse
reference to -saslmech in the manual.
--Ken
--
Bill Wohler <wohler(_at_)newt(_dot_)com> aka
<Bill(_dot_)Wohler(_at_)nasa(_dot_)gov>
http://www.newt.com/wohler/
GnuPG ID:610BD9AD
_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers