On Mon, 10 Apr 2006, BuildSmart wrote:
So, if your report is correct, this looks to be a bug in
Mail.app. I don't recall if I ever tried Mail.app with our
(kerberized) IMAP servers. I tried it once, then went back to Pine.
Mea culpa. The report is not correct.
On Apr 10, 2006, at 17:39 , Mark Crispin wrote:
I have no issues using Apple's Mail.app and UW-IMAP as kerberized.
Mail.app - Version 2.0.7 (746.2/749.3)
I have the same version. Mail.app did not request a Kerberos ticket
for "host/host.name".
I misinterpreted the log files. Our KDC logged this
TGS_REQ (7 etypes {...}) 128.100.x.y(88): ISSUE: authtime
1144433149, etypes {...},
[EMAIL PROTECTED] for host/[EMAIL PROTECTED]
and I assumed that the transaction was initiated by Mail.app, which
had requested the password and the IMAP session failed. And imapd
logged this:
Failed to acquire credentials for imap/[EMAIL PROTECTED]
and I assumed the two events were directly related. If I'd looked
closer the timestamps were a minute apart (KDC and IMAP servers are
NTP-synced).
What happened? I'd turned one SSH session into log watcher "tail -f /
var/log/mail". After Mail.app failed, I decided to create a second
session. Mail.app had saved the Kerberos credentials and ssh found
them, so it requested Kerberos token for the remote host. That failed
and ssh silently fell back to using identities and keys, so I was
none the wiser.
I experimented with several keytabs, but it seems I'd never replayed
test with a proper keytab entry for "imap/host.name". With that
entry, Mail.app's Kerberos (GSSAPI) authentication works as expected.
Paul
_______________________________________________
Imap-uw mailing list
[email protected]
https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
