[Dovecot] GSSAPI Authentication in v1.2.1
Phillip Macey
phillip.macey at cisra.canon.com.au
Tue Aug 4 04:31:56 EEST 2009
In the release notes for v1.2.2, Timo said:
> Found and fixes several v1.2-specific bugs. Hopefully it's now stable
> for most people's usage.
>
> * GSSAPI: More changes to authentication. Hopefully good now.
>
What were the GSSAPI changes? I am having problems with _some_ of my
users using GSSAPI auth. I am using version 1.2.1. The client
(thunderbird) reports that the server does not support 'secure
authentication'. When I switch on auth_debug in dovecot, I see errors
such as these in the logs:
Aug 3 16:45:57 fury dovecot: auth(default): client in: AUTH 1
GSSAPI service=imap lip=10.1.0.20 rip=10.8.5.72 lport=143
rport=4027
Aug 3 16:45:57 fury dovecot: auth(default): gssapi(?,10.8.5.72): Using
all keytab entries
Aug 3 16:45:57 fury dovecot: auth(default): client out: CONT 1
Aug 3 16:45:57 fury dovecot: imap-login: Disconnected: Input buffer
full (auth failed, 1 attempts): method=GSSAPI, rip=10.8.5.72, lip=10.1.0.20
Other users work perfectly (eg. all of the user accounts I tested
against). Would this have been a bug that was fixed in 1.2.2 or is it
something else? If it is most likely something else, I will post
`dovecot -n`.
--
Thanks,
Phill Macey
More information about the dovecot
mailing list