On Mon, 16 Aug 2021, Steffen Nurpmeso steffen-at-sdaoden.eu |s-nail| wrote:
Uh. ! Thanks, yes, take care for the GSSAPI content ..
I don't know enough of GSSAPI, but to be all safe i personally
would now kdestroy and kinit again.
Done that, although I thought that it wouldn't be much use without
knowing the server. The tickets were due to expire soon anyway.
Yes i am sorry, i should have been more clear.
What would be interesting would be a possible difference in
between the two tries of which only one succeeds.
That's what I understood you to mean. But setting verbose seems to
guarantee failure. I wasn't expecting that, but...
Now that is very strange, then. Verbosity should not change
a thing, possibly except we would talk about a race condition,
where the I/O delay due to the verbose log changes some timing.
The whole business is very strange.
I bet that
|s-nail: GSSAPI error: gss_init_sec_context / An invalid name was
|supplied
|s-nail: GSSAPI error: gss_init_sec_context / Success
one of those is from the failed attempt, the other not.
No. I get both lines before having any success.
Hmm. Well and you are sure that nothing in the URL you use
changes in between the calls? This is the only thing that
actually comes from the MUA here.
Well, the URL is smtp.blah.blah and I suppose there could be several
machines taking turns using that alias.
I could give you a patch for .. whatever version you now use, one
that debug outputs those things, and you could tell whether
something has changed or not. You had to compile it anew of
course. Basically it would be adding
fprintf(stderr,
"HOST: l=%lu s<%s>\nCRED: USER: l=%lu s<%s>\n",
urlp->url_host.l, urlp->url_host.s,
credp->cc_user.l, credp->cc_user.s);
right at the beginning of ... ie, search for "smtp@", and place it
right in the next line, src/mx/net-gssapi.h is the file.
Ok, added that in v. 14.9.22 and I can get both success and failure.
But in both cases I see the exact same printout
HOST: l=<lengthofservername> s<smtp.blah.blah>
CRED: USER: l=<lengthofmyname> s<myname>
On failure, the error message
s-nail: SMTP server: 535 5.7.0 authentication failed
follows, and on success, I just get a prompt.
With verbose=2 set, I still haven't seen a success, but sometimes the
server responds to the AUTH GSSAPI from s-nail with a big string of
characters of its own, as in the previous message, and then s-nail adds
s-nail: GSSAPI error: gss_init_sec_context / An invalid name was
supplied
s-nail: GSSAPI error: gss_init_sec_context / Success
and sometimes the server responds to the AUTH GSSAPI with just
SERVER: 535 5.7.0 authentication failed
Stephen Isard
