Package: cyrus-clients-2.3
Version: 2.3.8-1
Severity: normal
File: /usr/bin/imtest

imtest fails to authenticate against Dovecot using GSSAPI, unless I use the -u option.
mutt and evolution work fine, both using STARTTLS and GSSAPI. Whether I use STARTTLS (-t "") has no bearing on whether or not imtest works. Note that authentication *does* work if I use -u bmc to specify the authorization user ID, but it shouldn't require that, since I'm logged into the client machine as bmc.

Client side:

lakeview no % imtest -m GSSAPI castro
S: * OK Dovecot ready.
C: C01 CAPABILITY
S: * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS STARTTLS LOGINDISABLED AUTH=GSSAPI
S: C01 OK Capability completed.
C: A01 AUTHENTICATE GSSAPI ...
S: + ...
C:
S: + ...
C: ...
S: A01 NO Authentication failed.
Authentication failed. generic failure
Security strength factor: 0
* LOGOUT
* BYE Logging out
* OK Logout completed.
Connection closed.
lakeview ok % imtest -m GSSAPI -u bmc castro
S: * OK Dovecot ready.
C: C01 CAPABILITY
S: * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS STARTTLS LOGINDISABLED AUTH=GSSAPI
S: C01 OK Capability completed.
C: A01 AUTHENTICATE GSSAPI ...
S: + ...
C:
S: + ...
C: ...
S: A01 OK Logged in.
Authenticated.
Security strength factor: 0
* LOGOUT
* BYE Logging out
* OK Logout completed.
Connection closed.
lakeview ok % whoami
bmc

Server side:

Oct 29 09:31:28 castro dovecot: auth(default): gssapi(?,::ffff:172.16.2.249): Invalid response length
Oct 29 09:31:35 castro dovecot: imap-login: Aborted login: method=GSSAPI, rip=::ffff:172.16.2.249, lip=::ffff:98.197.197.167, TLS
Oct 29 10:14:21 castro dovecot: imap-login: Login: user=<bmc>, method=GSSAPI, rip=::ffff:172.16.2.249, lip=::ffff:98.197.197.167
Oct 29 10:14:24 castro dovecot: IMAP(bmc): Disconnected: Logged out

Actual data is omitted and replaced with "...", because I'm not sure whether any sensitive information is passed. If no sensitive information is passed, or that information can be readily destroyed (say, with kdestroy and kinit), then I'm happy to provide a full transcript. If a DD really needs a test account, I'm happy to provide one of those, too; simply send me an email with your preferred username.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.23-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages cyrus-clients-2.3 depends on:
ii  libc6        2.6.1-6           GNU C Library: Shared libraries
ii  libdb4.4     4.4.20-11         Berkeley v4.4 Database Libraries [
ii  libsasl2-2   2.1.22.dfsg1-16   Cyrus SASL - authentication abstra
ii  libssl0.9.8  0.9.8g-1          SSL shared libraries

cyrus-clients-2.3 recommends no packages.

-- no debconf information

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
a typesetting engine: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

