Using Mozilla Thunderbird with Kerberos

From Provider Wiki

Jump to: navigation, search


Mozilla Thunderbird 1.5 (and higher) works with kerberos. For Macs, it works pretty much as expected (see below) and on Windows it only requires one extra setting configuration (except when using Kerberized Thunderbird off-campus, see Special Note).

Configuring Thunderbird for kerberos on Mac OS X:

  1. Get a kerberos TGT ticket through the kerberos ticket manager
  2. Under Tools -> Account Settings in the Server Settings section, make sure that the "Use Secure Authentication" box is checked (this enables Kerberos for IMAP/POP connections).
  3. To use kerberos for SMTP, go to Outgoing Server and click the Edit button. In the bottom half of the window that appears in the "Security and Authentication" section, make sure that the checkbox labeled "Use name and password" is checked, and click Ok and Ok to accept the changes

Configuring Thunderbird for kerberos on Windows: (steps 1-3 same as Mac OS X)

  1. Get a kerberos TGT ticket through the kerberos ticket manager
  2. Under Tools -> Account Settings in the Server Settings section, make sure that the "Use Secure Authentication" box is checked (this enables kerberos for IMAP/POP connections).
  3. To use kerberos for SMTP, go to Outgoing Server and click the Edit button. In the bottom half of the window that appears in the "Security and Authentication" section, make sure that the checkbox labeled "Use name and password" is checked, and click Ok and Ok to accept the changes
  4. Open the Advanced Config editor by going to Tools -> Options. Click on the Advanced button on the far right. In the General tab, there's a "Config Editor" button. Click it.
  5. Type sspi into the filter bar.
  6. Double click the one value that appears to change it from True to False. Close the Config Editor, and hit Ok to close the Options window.


SPECIAL NOTE for using Kerberized Thunderbird off-campus with Windows:

The the NAT setting in the ticket manager, a.k.a. Network Identity Manager 3.2, must be edited to use Kerberized Thunderbird off-campus.

  1. Click Options menu, select Identities
  2. Click Kerberos V5 tab and place check in checkbox next to "Addressless"

When Addressless is selected, the tickets do not contain IP address information. This enables the tickets to be used from behind Network Address Translators which are frequently found in Cable and DSL Modems.

See also

Retrieved from "http://prowiki.isc.upenn.edu/wiki/Using_Mozilla_Thunderbird_with_Kerberos"
Personal tools