[Dovecot] GSSAPI auth failing for kmail

Mark Davies mark at ecs.vuw.ac.nz
Thu Mar 1 13:49:11 EET 2012



On 02/29/12 23:41, Timo Sirainen wrote:
>> Oh, yes, this is a bug in Dovecot..
> 
> Hmm. Or it looked like a bug, since it replied only with "+", so I thought all auth mechanisms would have such a bug, but no.. So I'm not really sure why it's not sending more data. I don't have a Kerberos setup to test this with. v2.1's GSSAPI code is anyway identical to v2.0's.

With auth debugging on a successful connection gives:


Mar  2 00:33:34 bats dovecot: auth: Debug: auth client connected (pid=1584)
Mar  2 00:33:34 bats dovecot: auth: Debug: client in: AUTH      1
GSSAPI  service=imap    lip=130.195.5.13        rip=130.195.5.88
lport=143       rport=49116
Mar  2 00:33:34 bats dovecot: auth: Debug: gssapi(?,130.195.5.88): Using
all keytab entries
Mar  2 00:33:34 bats dovecot: auth: Debug: client out: CONT     1
Mar  2 00:33:34 bats dovecot: auth: Debug: client in: CONT<hidden>
Mar  2 00:33:34 bats dovecot: auth: Debug:
gssapi(mark at ECS.VUW.AC.NZ,130.195.5.88): security context state completed.
Mar  2 00:33:34 bats dovecot: auth: Debug: client out: CONT     1
YIGaBgkqhkiG9xIBAgICAG+BijCBh6ADAgEFoQMCAQ+iezB5oAMCARKicgRwXldfEmBHqH3DiVbw7aXtx54iBNjo1Rv/KxBSK5G3TmYFm3YskYN/23EiaOQ0Tdyi4bc4jhv5cFWMpH/xM89wAFJVW8Ue27/fmCasfDWXE+i4TKA3UCm78Wy8YyiNVae8X341LspBk86R1Zl5MNRMvA==
Mar  2 00:33:34 bats dovecot: auth: Debug: client in: CONT<hidden>
Mar  2 00:33:34 bats dovecot: auth: Debug:
gssapi(mark at ECS.VUW.AC.NZ,130.195.5.88): Negotiated security layer
Mar  2 00:33:34 bats dovecot: auth: Debug: client out: CONT     1
BQQF/wAMAAwAAAAA47846FHFUOykdXinGYvMKwH///8=
Mar  2 00:33:34 bats dovecot: auth: Debug: client in: CONT<hidden>
Mar  2 00:33:34 bats dovecot: auth: Debug: client out: OK       1
user=mark

and the failing kmail gives

Mar  2 00:38:08 bats dovecot: auth: Debug: auth client connected (pid=2720)
Mar  2 00:38:08 bats dovecot: auth: Debug: client in: AUTH      1
GSSAPI  service=imap    lip=130.195.5.13        rip=130.195.5.88
lport=143       rport=49118     resp=<hidden>
Mar  2 00:38:08 bats dovecot: auth: Debug: gssapi(?,130.195.5.88): Using
all keytab entries
Mar  2 00:38:08 bats dovecot: auth: Debug:
gssapi(mark at ECS.VUW.AC.NZ,130.195.5.88): security context state completed.
Mar  2 00:38:08 bats dovecot: auth: Debug: client out: CONT     1
Mar  2 00:38:08 bats dovecot: auth: Debug: client in: CONT<hidden>
Mar  2 00:38:08 bats dovecot: auth:
GSSAPI(mark at ECS.VUW.AC.NZ,130.195.5.88): Invalid base64 data in
continued response
Mar  2 00:38:08 bats dovecot: auth: Debug: client out: FAIL     1
reason=Invalid base64 data in continued response


so what bit of the code should I be looking at to see what happens
between the "security context state completed" and the "client out"?

cheers
mark


More information about the dovecot mailing list