Re: Problems with GSSAPI authentication

[simon@josefsson.org]

Jonas Oberg <jonas@gnu.org> writes:

> I'm trying to use GSSAPI (Kerberos V) authentification in Gnus against
> a remote host. I've installed and configured everything so that the
> imtest program works flawlessly from the command-line.  Like this;
> 
> $ imtest -m gssapi imaphost
> C: C01 CAPABILITY
> S: * OK imaphost IMAP4rev1 v12.250 server ready
> S: * CAPABILITY IMAP4 IMAP4REV1 NAMESPACE IDLE SCAN SORT MAILBOX-REFERRALS LOGIN-REFERRALS AUTH=GSSAPI AUTH=LOGIN THREAD=ORDEREDSUBJECT
> S: C01 OK CAPABILITY completed
> [...]
> C: A01 AUTHENTICATE GSSAPI
> [...]
> S: A01 OK AUTHENTICATE completed
> Authenticated.
> 
> Now, when I try to connect to imaphost in Gnus, it correctly launches
> imtest with the correct parameters (imtest -m gssapi -u jonas -p 143 imaphost).
> I can tell from the logs on the imaphost that Gnus connects and is
> authenticated, but then nothing happens. It just sits there doing nothing.
> A strace on the imapd on the server tells me that it's waiting for Gnus
> to issue a command, but this seems to never happen.
> 
> Any suggestions?

See variable `imap-log'. Also, setting `debug-on-quit' non-nil and
pressing C-g and looking at the backtrace can be useful.  Output in
*Messages* can also help debug it.

I'm not aware of anyone actually using GSSAPI and I didn't test it
myself when I wrote it, so it isn't entirely impossible that it
doesn't work. :-)

One caveat though: I _think_ the imtest binary uses the OS's
line-buffers for reading commands.  Under several OS's this
line-buffer is simply too short to be useful (256 chars is common,
I've seen 64 or 80 chars).  You might want to patch imtest to read
character-by-character instead (it's a simple termcap call, I could
see if I still got my patch around).