[Dovecot] GSSAPI auth failing for kmail
Mark Davies
mark at ecs.vuw.ac.nz
Wed Feb 29 12:15:52 EET 2012
On 02/28/12 00:11, Timo Sirainen wrote:
>>> Looks like kmail is sending some kind of garbage to Dovecot. Set
>>> auth_debug_passwords=yes to make Dovecot log the auth traffic.
>>
>> Yeah, I did a network trace and it seems kmail is not sending the
>> full authentication request before trying to carry on.
>
>>> 8 0.043625 130.195.5.88 130.195.5.13 IMAP 898 Request: 1 AUTHENTICATE GSSAPI YIICWgYJKoZIhvcSAQICAQBuggJJMI[...]jLyNiRZFsc9zFxpdwrZAB/WXRRS1zsM4SlDfE59CW1xfKAkqe
>
> It uses SASL-IR to send the first seponse.
>
>>> 9 0.044919 130.195.5.13 130.195.5.88 IMAP 70 Response: +
>
> Dovecot says "OK, give me more".
I poked some more at the kmail end of this but I cant see what its doing
differently from what it used to (but clearly there is something).
The new kmail sends
1 AUTHENTICATE GSSAPI YIICWgYJKoZIhvcSAQICAQBugg[...]wfuKg4VUptzPwb\r\n
and receives
+ \r\n
from dovecot, which it doesn't like and reports
clientAuthenticate: sasl_client_step failed with: -1
an older (working kmail) sends
1 AUTHENTICATE GSSAPI YIICiAYJKoZIhvcSAQICAQBugg[...]MpPurY7cZfRSEw==\r\n
and receives
+ YIGaBgkqhkiG9xIBAgI[...]iYoSGi9/uKVGyE64TAvkf25rCbFkNqk1D12g==\r\n
and carries on.
So what is it that differs in the two cases to cause dovecot to respond
differently?
cheers
mark
More information about the dovecot
mailing list