[Dovecot] Digest-MD5 and GSSAPI not working in beta3

Casey Allen Shobe lists at seattleserver.com
Fri Feb 24 15:19:20 EET 2006 

On Friday 24 February 2006 10:03, Timo Sirainen wrote:
> I don't really know about the Kerberos code in Dovecot.. Did you check
> if there was anything in Dovecot's logs with auth_verbose=yes?

> This could have something to do with realms. I just tested this for a
> while and it looks like Cyrus SASL client wants to send a realm always,
> even if Dovecot doesn't advertise any realms.
>
> Are all your usernames in user at domain format? In that case you could set
> auth_realms to the list of domains. Or alternatively try if the attached
> patch helps.

I applied the patch - but it makes no difference.  I tried adding one of the 
domains to both auth_realms and default_auth_realm, and it didn't help 
either.

For reference, here's what I see with PLAIN:

auth(default): client in: 
AUTH_1_PLAIN_service=IMAP_lip=205.234.78.135_rip=71.113.119.162_resp=<hidden>
auth(default): sql(info at xxxx.net,71.113.119.162): query: select "user", 
"password" from "users" where "user" = 'info at xxxx.net'
auth(default): client out: OK_1_user=info at xxxx.net
auth(default): master in: REQUEST_3_26029_1
auth(default): master out: 
USER_3_info at pwci.net_uid=89_gid=89_home=/var/vpopmail/domains/xxxx.net/info
imap-login: Login: user=<info at xxxx.net>, method=PLAIN, rip=71.113.119.162, 
lip=205.234.78.135

Here's what I see when trying DIGEST-MD5:

auth(default): client in: 
AUTH_1_DIGEST-MD5_service=IMAP_secured_lip=205.234.78.135_rip=71.113.119.162
auth(default): client out: 
CONT_1_cmVhbG09IiIsbm9uY2U9Im1LZ2J2WWRYeTNWTFUzZXdFelVPdlE9PSIscW9wPSJhdXRoIixjaGFyc2V0PSJ1dGYtOCIsYWxnb3JpdGhtPSJtZDUtc2VzcyI=
auth(default): client in: CONT<hidden>
auth(default): sql(kc at xxxx.com,71.113.119.162): query: select "user", 
"password" from "users" where "user" = 'kc at xxxx.com'
auth(default): digest-md5(kc at xxxx.com,71.113.119.162): password mismatch
auth(default): client out: FAIL_1_user=kc at xxxx.com
imap-login: Disconnected: user=<kc at sk8rland.com>, method=DIGEST-MD5, 
rip=71.113.119.162, lip=205.234.78.135, TLS

And this is all I see when trying GSSAPI:

imap-login: Disconnected: rip=71.113.119.162, lip=205.234.78.135

Cheers,
-- 
Casey Allen Shobe | cshobe at seattleserver.com | 206-381-2800
SeattleServer.com, Inc. | http://www.seattleserver.com

More information about the dovecot mailing list