On 02/29/12 23:41, Timo Sirainen wrote:
Oh, yes, this is a bug in Dovecot..
Hmm. Or it looked like a bug, since it replied only with "+", so I thought all auth mechanisms would have such a bug, but no.. So I'm not really sure why it's not sending more data. I don't have a Kerberos setup to test this with. v2.1's GSSAPI code is anyway identical to v2.0's.
With auth debugging on a successful connection gives:
Mar 2 00:33:34 bats dovecot: auth: Debug: auth client connected (pid=1584) Mar 2 00:33:34 bats dovecot: auth: Debug: client in: AUTH 1 GSSAPI service=imap lip=130.195.5.13 rip=130.195.5.88 lport=143 rport=49116 Mar 2 00:33:34 bats dovecot: auth: Debug: gssapi(?,130.195.5.88): Using all keytab entries Mar 2 00:33:34 bats dovecot: auth: Debug: client out: CONT 1 Mar 2 00:33:34 bats dovecot: auth: Debug: client in: CONT<hidden> Mar 2 00:33:34 bats dovecot: auth: Debug: gssapi(mark@ECS.VUW.AC.NZ,130.195.5.88): security context state completed. Mar 2 00:33:34 bats dovecot: auth: Debug: client out: CONT 1 YIGaBgkqhkiG9xIBAgICAG+BijCBh6ADAgEFoQMCAQ+iezB5oAMCARKicgRwXldfEmBHqH3DiVbw7aXtx54iBNjo1Rv/KxBSK5G3TmYFm3YskYN/23EiaOQ0Tdyi4bc4jhv5cFWMpH/xM89wAFJVW8Ue27/fmCasfDWXE+i4TKA3UCm78Wy8YyiNVae8X341LspBk86R1Zl5MNRMvA== Mar 2 00:33:34 bats dovecot: auth: Debug: client in: CONT<hidden> Mar 2 00:33:34 bats dovecot: auth: Debug: gssapi(mark@ECS.VUW.AC.NZ,130.195.5.88): Negotiated security layer Mar 2 00:33:34 bats dovecot: auth: Debug: client out: CONT 1 BQQF/wAMAAwAAAAA47846FHFUOykdXinGYvMKwH///8= Mar 2 00:33:34 bats dovecot: auth: Debug: client in: CONT<hidden> Mar 2 00:33:34 bats dovecot: auth: Debug: client out: OK 1 user=mark
and the failing kmail gives
Mar 2 00:38:08 bats dovecot: auth: Debug: auth client connected (pid=2720) Mar 2 00:38:08 bats dovecot: auth: Debug: client in: AUTH 1 GSSAPI service=imap lip=130.195.5.13 rip=130.195.5.88 lport=143 rport=49118 resp=<hidden> Mar 2 00:38:08 bats dovecot: auth: Debug: gssapi(?,130.195.5.88): Using all keytab entries Mar 2 00:38:08 bats dovecot: auth: Debug: gssapi(mark@ECS.VUW.AC.NZ,130.195.5.88): security context state completed. Mar 2 00:38:08 bats dovecot: auth: Debug: client out: CONT 1 Mar 2 00:38:08 bats dovecot: auth: Debug: client in: CONT<hidden> Mar 2 00:38:08 bats dovecot: auth: GSSAPI(mark@ECS.VUW.AC.NZ,130.195.5.88): Invalid base64 data in continued response Mar 2 00:38:08 bats dovecot: auth: Debug: client out: FAIL 1 reason=Invalid base64 data in continued response
so what bit of the code should I be looking at to see what happens between the "security context state completed" and the "client out"?
cheers mark