severity 448499 minor thanks Brian:
This is definitely interesting. It's very difficult to tell what's going on since the relevant part (what's different) was blacked out. I'd be interested in what happens if you try -a instead of -u. Since imtest works fine with -u, and the default is just a matter of convenience and the failure is trivial to work around, I'm going to drop the severity of this bug to minor. I don't have much time at the moment to debug it, but I'll definitely leave the bug open. Benjamin brian m. carlson wrote: > Package: cyrus-clients-2.3 > Version: 2.3.8-1 > Severity: normal > File: /usr/bin/imtest > > imtest fails to authenticate against Dovecot using GSSAPI, unless I > use the -u option. > > mutt and evolution work fine, both using STARTTLS and GSSAPI. Whether > I use STARTTLS (-t "") has no bearing on whether or not imtest works. > Note that authentication *does* work if I use -u bmc to specify the > authorization user ID, but it shouldn't require that, since I'm logged > into the client machine as bmc. > > Client side: > lakeview no % imtest -m GSSAPI castro > S: * OK Dovecot ready. > C: C01 CAPABILITY > S: * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND > UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS STARTTLS > LOGINDISABLED AUTH=GSSAPI > S: C01 OK Capability completed. > C: A01 AUTHENTICATE GSSAPI ... > S: + ... > C: S: + ... > C: ... > S: A01 NO Authentication failed. > Authentication failed. generic failure > Security strength factor: 0 > * LOGOUT > * BYE Logging out > * OK Logout completed. > Connection closed. > > lakeview ok % imtest -m GSSAPI -u bmc castro S: * OK > Dovecot ready. > C: C01 CAPABILITY > S: * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND > UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS STARTTLS > LOGINDISABLED AUTH=GSSAPI > S: C01 OK Capability completed. > C: A01 AUTHENTICATE GSSAPI ... > S: + ... > C: S: + ... > C: ... > S: A01 OK Logged in. > Authenticated. > Security strength factor: 0 > * LOGOUT > * BYE Logging out > * OK Logout completed. > Connection closed. > > lakeview ok % whoami > bmc > > > Server side: > Oct 29 09:31:28 castro dovecot: auth(default): > gssapi(?,::ffff:172.16.2.249): Invalid response length > Oct 29 09:31:35 castro dovecot: imap-login: Aborted login: > method=GSSAPI, rip=::ffff:172.16.2.249, lip=::ffff:98.197.197.167, TLS > Oct 29 10:14:21 castro dovecot: imap-login: Login: user=<bmc>, > method=GSSAPI, rip=::ffff:172.16.2.249, lip=::ffff:98.197.197.167 > Oct 29 10:14:24 castro dovecot: IMAP(bmc): Disconnected: Logged out > > Actual data is omitted and replaced with "...", because I'm not sure > whether any sensitive information is passed. If no sensitive > information is passed, or that information can be readily destroyed > (say, with kdestroy and kinit), then I'm happy to provide a full > transcript. If a DD really needs a test account, I'm happy to provide > one of those, too; simply send me an email with your preferred username. > > -- System Information: > Debian Release: lenny/sid > APT prefers unstable > APT policy: (500, 'unstable'), (1, 'experimental') > Architecture: amd64 (x86_64) > > Kernel: Linux 2.6.23-1-amd64 (SMP w/2 CPU cores) > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > (ignored: LC_ALL set to en_US.UTF-8) > Shell: /bin/sh linked to /bin/bash > > Versions of packages cyrus-clients-2.3 depends on: > ii libc6 2.6.1-6 GNU C Library: Shared > libraries > ii libdb4.4 4.4.20-11 Berkeley v4.4 Database > Libraries [ > ii libsasl2-2 2.1.22.dfsg1-16 Cyrus SASL - > authentication abstra > ii libssl0.9.8 0.9.8g-1 SSL shared libraries > > cyrus-clients-2.3 recommends no packages. > > -- no debconf information > > ------------------------------------------------------------------------ > > _______________________________________________ > Pkg-Cyrus-imapd-Debian-devel mailing list > [EMAIL PROTECTED] > http://lists.alioth.debian.org/mailman/listinfo/pkg-cyrus-imapd-debian-devel
signature.asc
Description: OpenPGP digital signature
