[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problems with GSSAPI authentication

To: nnimap@josefsson.org
Subject: Re: Problems with GSSAPI authentication
From: Jonas Oberg <jonas@gnu.org>
Date: 11 Aug 2000 16:00:55 +0200
Delivery-date: Fri, 11 Aug 2000 16:00:55 +0200
Organization: Free Software Foundation
References: <87vgx89era.fsf@poledra.coyote.org><ilu8zu40xj9.fsf@barbar.josefsson.org>
Sender: jonas@poledra.coyote.org
User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7

simon@josefsson.org writes:

> See variable `imap-log'. Also, setting `debug-on-quit' non-nil and
> pressing C-g and looking at the backtrace can be useful.

I couldn't get debug-on-quit to work, but I got plenty of help from
imap-log. I've actually managed to hack imap.el in a horribly broken
way to allow it to connect, more or less.  Actually, the problem
seems to be differences between different versions of imtest.

What I did here was to make it look for "S: A01 OK" and do an
(setq imap-state 'auth) directly in imap-gssapi-open without calling
imap-parse-greeting.  This may be horribly broken, and I don't even
know if nnimap expects imap-state to be 'auth when it leaves imap-gssapi-open
:-)

This is as far as I can get now;

| Opening nnimap server on fencepost.gnu.org...
| Waiting for response from fencepost.gnu.org...done
|| * OK fencepost.gnu.org IMAP4rev1 v12.250 server ready
|| 1 CAPABILITY
|| * CAPABILITY IMAP4 IMAP4REV1 NAMESPACE IDLE SCAN SORT MAILBOX-REFERRALS LOGIN-REFERRALS AUTH=GSSAPI AUTH=LOGIN THREAD=ORDEREDSUBJECT
|| 1 OK CAPABILITY completed
|| 2 LOGOUT
|| * BYE fencepost.gnu.org IMAP4rev1 server terminating connection
|| 2 OK LOGOUT completed
| Reconnecting with gssapi...

So far so good, finding that the server supports GSSAPI, and trying to
use that.

| Opening GSSAPI IMAP connection with `imtest -m gssapi -u %l -p %p %s'...
|| C: C01 CAPABILITY
|| S: * OK fencepost.gnu.org IMAP4rev1 v12.250 server ready
|| S: * CAPABILITY IMAP4 IMAP4REV1 NAMESPACE IDLE SCAN SORT MAILBOX-REFERRALS LOGIN-REFERRALS AUTH=GSSAPI AUTH=LOGIN THREAD=ORDEREDSUBJECT
|| S: C01 OK CAPABILITY completed
|| [...]
|| C: A01 AUTHENTICATE GSSAPI
|| [,..]
|| S: A01 OK AUTHENTICATE completed
|| Authenticated.
|| Security strength factor: 0
| GSSAPI IMAP connection: Authenticated.

This is where imap-gssapi-open leaves and hands it on to the next
instance (with imap-state 'auth).

|| 3 CAPABILITY
|| * CAPABILITY IMAP4 IMAP4REV1 NAMESPACE IDLE SCAN SORT MAILBOX-REFERRALS LOGIN-REFERRALS AUTH=GSSAPI AUTH=LOGIN THREAD=ORDEREDSUBJECT
|| 3 OK CAPABILITY completed
| Waiting for response from fencepost.gnu.org...done

Alright, we're looking at what the server is capable of doing. Should it
do this? I don't know; imap.el scares me. ;-)

|| 4 LOGOUT
|| * BYE fencepost.gnu.org IMAP4rev1 server terminating connection
|| 4 OK LOGOUT completed

And then we LOGOUT from the server, and Gnus complains about

| Unable to contact server fencepost.gnu.org: nil

Follow-Ups:
- Re: Problems with GSSAPI authentication
  - From: simon@josefsson.org

References:
- Problems with GSSAPI authentication
  - From: Jonas Oberg <jonas@gnu.org>
- Re: Problems with GSSAPI authentication
  - From: simon@josefsson.org

Prev by Date: Re: Problems with GSSAPI authentication
Next by Date: Re: Problems with GSSAPI authentication
Prev by thread: Re: Problems with GSSAPI authentication
Next by thread: Re: Problems with GSSAPI authentication
Index(es):
- Date
- Thread