[Dovecot] failed authentication with digest-md5 (rc9)
Hi!
I'm using rc9 and DIGEST-MD5 passwords. Sometimes it works, sometimes it's not...
When failed, I get this in the logs:
12:45:11 Info: auth(default): client in: AUTH 1 DIGEST-MD5
service=POP3 secured lip=<lip> rip=<rip> resp=
Using KMail 1.9.4.
Daniel
-- LeVA
- October 14. 12:51, LeVA:
Hi!
I'm using rc9 and DIGEST-MD5 passwords. Sometimes it works, sometimes it's not...
When failed, I get this in the logs:
12:45:11 Info: auth(default): client in: AUTH 1 DIGEST-MD5
service=POP3 secured lip=<lip> rip=<rip> resp=12:45:11 Info: auth(default): client out: CONT 1 12:45:11 Info: auth(default): client in: CONT 1 12:45:11 Info: auth(default): digest-md5(?,<rip>): Unknown QoP value 12:45:12 Info: auth(default): client out: FAIL 1 12:45:12 Info: pop3-login: Aborted login: method=DIGEST-MD5, rip=<rip>, lip=<lip>, TLS
Would someone at least tell me what is this message mean, please? What is a QoP value?
Using KMail 1.9.4.
Daniel
-- LeVA
On Sun, 2006-10-15 at 14:42 +0200, LeVA wrote:
12:45:11 Info: auth(default): digest-md5(?,<rip>): Unknown QoP value
This patch makes it also print what value was sent:
http://www.dovecot.org/list/dovecot-cvs/2006-October/006552.html
Would someone at least tell me what is this message mean, please? What is a QoP value? ..
Using KMail 1.9.4.
It most likely means that KMail is broken, or possibly also a bug in Dovecot. In any case what it means is that Dovecot announces that it supports "auth" QoP (Quality of Protection). KMail is supposed to reply back that it wants to use "auth" QoP, but it replies with something else.
Maybe what happened is that KMail developers added support for other QoPs also but forgot to add a check to see if the server supported them.
- October 15. 15:08, Timo Sirainen:
On Sun, 2006-10-15 at 14:42 +0200, LeVA wrote:
12:45:11 Info: auth(default): digest-md5(?,<rip>): Unknown QoP value
This patch makes it also print what value was sent:
http://www.dovecot.org/list/dovecot-cvs/2006-October/006552.html
Would someone at least tell me what is this message mean, please? What is a QoP value?
..
Using KMail 1.9.4.
It most likely means that KMail is broken, or possibly also a bug in Dovecot. In any case what it means is that Dovecot announces that it supports "auth" QoP (Quality of Protection). KMail is supposed to reply back that it wants to use "auth" QoP, but it replies with something else.
Maybe what happened is that KMail developers added support for other QoPs also but forgot to add a check to see if the server supported them. So now what would be helpful? An ethereal (wireshark) log of the conversation?
Daniel
-- LeVA
On Sun, 2006-10-15 at 15:16 +0200, LeVA wrote:
- October 15. 15:08, Timo Sirainen:
On Sun, 2006-10-15 at 14:42 +0200, LeVA wrote:
12:45:11 Info: auth(default): digest-md5(?,<rip>): Unknown QoP value
This patch makes it also print what value was sent:
http://www.dovecot.org/list/dovecot-cvs/2006-October/006552.html .. So now what would be helpful? An ethereal (wireshark) log of the conversation?
Either that or using the patch above.
- October 15. 15:20, Timo Sirainen:
On Sun, 2006-10-15 at 15:16 +0200, LeVA wrote:
- October 15. 15:08, Timo Sirainen:
On Sun, 2006-10-15 at 14:42 +0200, LeVA wrote:
12:45:11 Info: auth(default): digest-md5(?,<rip>): Unknown QoP value
This patch makes it also print what value was sent:
http://www.dovecot.org/list/dovecot-cvs/2006-October/006552.html
..
So now what would be helpful? An ethereal (wireshark) log of the conversation?
Either that or using the patch above. Using the latest cvs (with the above patch):
15:49:55 Info: auth(default): digest-md5(?,<rip>): Unknown QoP value: \ pop
Daniel
-- LeVA
- October 15. 15:52, LeVA:
- October 15. 15:20, Timo Sirainen:
On Sun, 2006-10-15 at 15:16 +0200, LeVA wrote:
- October 15. 15:08, Timo Sirainen:
On Sun, 2006-10-15 at 14:42 +0200, LeVA wrote:
12:45:11 Info: auth(default): digest-md5(?,<rip>): Unknown QoP value
This patch makes it also print what value was sent:
http://www.dovecot.org/list/dovecot-cvs/2006-October/006552.htm l
..
So now what would be helpful? An ethereal (wireshark) log of the conversation?
Either that or using the patch above.
Using the latest cvs (with the above patch):
15:49:55 Info: auth(default): digest-md5(?,<rip>): Unknown QoP value: \ pop
Plus information:
This only happens if I'm using TLS + DIGEST-MD5. I've tried to capture the conversation with wireshark so I turned off TLS, but then I could not reproduce this. After I've turned TLS on, the failure happened again. But as I said, this is not happening always. Sometimes it works, and sometimes it's not. Do you think this is a KMail issue, cause then I'll file a bug report against this.
Daniel
-- LeVA
On Sun, 2006-10-15 at 16:49 +0200, LeVA wrote:
15:49:55 Info: auth(default): digest-md5(?,<rip>): Unknown QoP value: \ pop
What's that "\" in there? Did it really send "\ pop"?
This only happens if I'm using TLS + DIGEST-MD5. I've tried to capture the conversation with wireshark so I turned off TLS, but then I could not reproduce this. After I've turned TLS on, the failure happened again. But as I said, this is not happening always. Sometimes it works, and sometimes it's not. Do you think this is a KMail issue, cause then I'll file a bug report against this.
I'd say this is pretty clearly a KMail bug. dovecot-auth doesn't do anything differently if TLS is used.
- October 15. 17:28, Timo Sirainen:
On Sun, 2006-10-15 at 16:49 +0200, LeVA wrote:
15:49:55 Info: auth(default): digest-md5(?,<rip>): Unknown QoP value: \ pop
What's that "\" in there? Did it really send "\ pop"? No, sorry, I put that backslash there to indicate the continuity in the two lines. That is: "Unknown QoP value: pop".
This only happens if I'm using TLS + DIGEST-MD5. I've tried to capture the conversation with wireshark so I turned off TLS, but then I could not reproduce this. After I've turned TLS on, the failure happened again. But as I said, this is not happening always. Sometimes it works, and sometimes it's not. Do you think this is a KMail issue, cause then I'll file a bug report against this.
I'd say this is pretty clearly a KMail bug. dovecot-auth doesn't do anything differently if TLS is used.
Okay, thanks, henceforth I'm bargaining with the kmail developers.
Daniel
-- LeVA
On Sunday October 15, 2006 at 10:49:04 (AM) LeVA wrote:
This only happens if I'm using TLS + DIGEST-MD5. I've tried to capture the conversation with wireshark so I turned off TLS, but then I could not reproduce this. After I've turned TLS on, the failure happened again. But as I said, this is not happening always. Sometimes it works, and sometimes it's not. Do you think this is a KMail issue, cause then I'll file a bug report against this.
Would it be possible to run 'truss' to capture the session?
-- Gerard Seibert gerard@seibercom.net
sic transit gloria mundi
participants (3)
-
Gerard Seibert
-
LeVA
-
Timo Sirainen