Quoting Andreas Metzler <ametz...@bebt.de>:
I have forwarded this upstream (URL at top of mail) and would appreciate if
you could subcribe to the bugreport followup there if necessary.
Sure.
Would it possible for you to check whether this is still present in 4.83_rc2?
Yes, it would. I obtained a copy of the source code from Debian
experimental, but since compiling it on wheezy requires that various
critical packages also be upgraded, I decided to run this test on a
virtual machine. Nevertheless, I set up this machine up as a member of
the DAPADAM.NL realm so that same-realm Kerberos authentication worked
for SSH, Dovecot IMAP and Exim. More importantly, cross-realm
authentication worked for SSH and Dovecot IMAP. Sadly, though, Exim
4.83_rc2 refused to accept cross-realm authentication result just as
it does with 4.80-7, so the bug is still present.
Except for a few extra Cyrus SASL lines, the Exim debug output for
this kind of failure with 4.83_rc2 is identical to what it is with
4.80-7:
6199 ...
6199 SMTP>> 250-cerastes.dapadam.nl Hello atheris.umrk.nl [192.168.2.20]
6199 250-SIZE 268435456
6199 250-8BITMIME
6199 250-AUTH GSSAPI
6199 250 HELP
6199 Calling gnutls_record_recv(0xb88a9780, 0xb8ba1580, 4096)
6199 Calling gnutls_record_recv(0xb88a9780, 0xb8ba1580, 4096)
6199 SMTP<< AUTH GSSAPI YIICUgYJKoZIhvcSAQ ... b/3Y1sJ80PWDcR9prw==
6199 Initialised Cyrus SASL server connection; service="smtp"
fqdn="cerastes.dapadam.nl" realm="DAPADAM.NL"
6199 Cyrus SASL set EXTERNAL SSF to 128
6199 Cyrus SASL set local hostport to: 192.168.2.13;25
6199 Cyrus SASL set peer hostport to: 192.168.2.20;54405
6199 Calling sasl_server_start(GSSAPI,"YII ... 3Y1sJ80PWDcR9prw==")
6199 SMTP>> 334 YIGZBgkqhkiG9xIBAgICAG+BiT ... i98ChosvjBmbz8kJHOXj
6199 tls_do_write(0xb8878870, 214)
6199 gnutls_record_send(SSL, 0xb8878870, 214)
6199 outbytes=214
6199 Calling gnutls_record_recv(0xb88a9780, 0xb8ba1580, 4096)
6199 Calling gnutls_record_recv(0xb88a9780, 0xb8ba1580, 4096)
6199 SMTP<<
6199 Calling sasl_server_step("")
6199 SMTP>> 334 BQQF/wAMAAAAAAAAFdqCVwEAAABJ3AG88l8KrJHuSWA=
6199 tls_do_write(0xb8878870, 50)
6199 gnutls_record_send(SSL, 0xb8878870, 50)
6199 outbytes=50
6199 Calling gnutls_record_recv(0xb88a9780, 0xb8ba1580, 4096)
6199 Calling gnutls_record_recv(0xb88a9780, 0xb8ba1580, 4096)
6199 SMTP<< BQQE/wAMAAAAAAAAK2wCCQEAAABqd2luaXVz31NvoPPqHuoDQ3Qo
6199 Calling sasl_server_step("BQQE/wAMAAA ... Vz31NvoPPqHuoDQ3Qo")
6199 Cyrus SASL permanent failure -13 (authentication failure)
6199 LOG: REJECT
6199 sasl_gssapi authenticator (GSSAPI):
6199 Cyrus SASL permanent failure: authentication failure
6199 SMTP>> 535 Incorrect authentication data
6199 tls_do_write(0xb8878870, 35)
6199 gnutls_record_send(SSL, 0xb8878870, 35)
6199 outbytes=35
6199 LOG: MAIN REJECT
6199 sasl_gssapi authenticator failed for atheris.umrk.nl
[192.168.2.20]: 535 Incorrect authentication data
6199 Calling gnutls_record_recv(0xb88a9780, 0xb8ba1580, 4096)
6199 Calling gnutls_record_recv(0xb88a9780, 0xb8ba1580, 4096)
6199 SMTP<< QUIT
6199 SMTP>> 221 cerastes.dapadam.nl closing connection
6199 tls_do_write(0xb8878870, 44)
6199 gnutls_record_send(SSL, 0xb8878870, 44)
6199 outbytes=44
6199 tls_close(): shutting down TLS
6199 LOG: smtp_connection MAIN
6199 SMTP connection from atheris.umrk.nl [192.168.2.20] closed by QUIT
6199 search_tidyup called
Cheers,
Jaap
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
