On Wed, 2007-01-10 at 14:11 -0500, Ken Hornstein wrote: > Let me step back a bit. > > Exactly _which_ clients are you interested in getting Kerberos authentication > to work with qpopper? I ask because that has bearing on which protocol > you want to support.
I was interested in getting regular clients such as evolution that support GSSAPI to work. However, I was confused by the existence of the --with-kerberos5 flag for the configure script. I thought that was *required* for Kerberos use. As you clarified below, I now understand that isn't the case. > Like I said, part of the reason I let that code languish was that I didn't > see a need any more for it. > > >Well, I was able to create my own patches that seem to work, but I > >haven't been able to fully test them yet. I was just wondering if > >anyone had patches before I went and re-invented the wheel. (I am > >attaching them with this email.) Of course, what you're saying brings > >up some *really* interesting questions. Are you saying that qpopper > >does *not* need the --with-kerberos flag when running configure in order > >to use GSSAPI protocol? > > That is correct. > > >If not, I take it that the purpose of the > >--with-kerberos flag is to support the KPOP type authentication. > > Yes, that is also correct. > > >(Please pardon me if that is a re-statement of what you said above.) If > >one does not need to use the --with-kerberos flag when running the > >configure script, where can I find documentation on how to use > >Kerberos/GSSAPI authentication? > > Ah, okay, well, that is perhaps one area that needs to be addressed a bit. > > Qpopper gets Kerberos/GSSAPI by virtue of the Cyrus-SASL library. That > includes support for all SASL mechanisms supported by Cyrus-SASL, one > of which is GSSAPI. In hindsight, part of me maybe thinks it would > have been better to call the GSSAPI directly, as getting Cyrus-SASL > working can be a bitch and a half (if you use one of the prepackaged > builds that come with Linux, for example, it shouldn't be an issue). > However, most of the problems I see people have with Cyrus-SASL is with > saslauthd and database conflicts, and those are not an issue with the > GSSAPI mechanism. > > There is documentation in the Qpopper manual about the various options > that affect SASL. The only thing you need to know regarding GSSAPI is > that the service principal for Kerberos is "pop/[EMAIL PROTECTED]". At this point, I'm now slightly confused. Which manual are you referring to? I have run case insensitive searches on the administrators guide (GUIDE.pdf) for the string "sasl" and come up with nothing. There are some occurences of the string in the file Qpopper.fm that is in the doc/guide subdirectory of the distribution, but that's a framemaker file, and I have no way of viewing that correctly. When I try to view those files using vim, I see references to a --with-cyrus-sasl flag. I assume this is a flag for the configure script. Unfortunately, the string "sasl" never occurs in that script. Hence, there doesn't seem to be any such flag for the current version of the configure script. (This is all in 4.0.9 by the way.) When I run ldd on the popper binary, I don't see any reference to a cyrus-sasl library. If I telnet to port 110 and type the "AUTH" command, I get the following: AUTH +OK Supported SASL mechanisms: X-NONE-SO-USE-APOP-OR-STLS . This is on a machine that has a properly functioning saslauthd. What I'm trying to get at is how do I get qpopper to even acknowledge the existence of cyrus-sasl? All of the usual suspects seem to be somewhat devoid of the strings "cyrus" adn "sasl". (Though not completely. Just devoid in the ways that would help.) I apologize if I'm seeming a little frustrated. I *really* do appreciate your help and I'm guessing that I have overlooked something really obvious, and I'm not seeing it right now. Thank you very much. -- John Guthrie [EMAIL PROTECTED]
