Created attachment 57747 [details] Screenshot showing the GSSAPI connection error. Version: 2.0.89 (using KDE 4.6.1) OS: Linux While old style kmail worked fine with GSSAPI, akonadi does not, see attached screenshot. Reproducible: Always Steps to Reproduce: Create an IMAP resource with GSSAPI authentication in akonadi, start kmail. Actual Results: No IMAP connection is established, see screenshot. Expected Results: Have an IMAP connection with GSSAPI authentication and read my emails w/o using thunderbird :) OS: Linux (x86_64) release 2.6.35-28-generic Compiler: cc
Created attachment 60900 [details] Changed error message from 4.6.4
Quick update: As of KDE 4.6.4 I am still forced to use Thunderbird :( However, the error message has changed a bit (see new attachment).
Still the same with kmail/akonadi as shipped with 4.7.0. :(
just to be sure, (at least) cyrus-sasl and cyrus-sasl-gssapi are installed ?
Yes, but on Ubuntu the packages are named libsasl2 and libsasl2-modules-gssapi-mit.
It's still the same in 4.8.
*** Bug 292403 has been marked as a duplicate of this bug. ***
*** This bug has been marked as a duplicate of bug 249992 ***
Bug #249992 is marked fixed, but I still can't login to my IMAP server (dovecot) via GSSAPI with kmail/akonadi as of 4.8.3. So I guess this one is not a duplicate of #249992 and thus should be reopened.
Please reopen. GSSAPI authentication still doesn't work on 4.9beta2!
Please reopen this bug. It is NOT a duplicate of bug with number 249992. GSSAPI authentication still does NOT work in KDE 4.9.1.
Please add exact steps to reproduce, developers might not have seen the difference between the bugs.
1) Have an IMAP server available which is configured to allow Kerberos/GSSAPI authentication. 2) Make sure users can get kerberos tickets from a kerberos server (kinit, then klist to verify). 3) Start kmail and create a new IMAP account to access the IMAP server above. 4) In the "General" tab, enter account detail, w/o password (you don't need one, because of kerberos). 5) In the "Advanced" tab, set "Authentication" to "GSSAPI". The resulting account will not be functional, you'll get a message: "Resource <name> is broken. This resource is now offline", and the account will be offline.
I had have the same problem when i try to establish an unencrypted IMAP connection. When i turn on TLS everything works fine. My mail server is dovecot. I've tried it with KDE 4.8.5 (Kubuntu 12.04) and the KDE Version in Kubuntu 12.10 Beta 2
I don't use any encryption, my server (dovecot as well) is not configured for SSL/TLS usage. I just want SSO via GSSAPI to work.
I can confirm the for KDE 4.9.3 vs. an Exchange 2010 server. In my case, this is caused by the following: KIMAP sends: A000002 AUTHENTICATE GSSAPI KIMAP recvs: + KIMAP cancels challenge. Exchange sends an empty continuation for GSSAPI authentication. The client has to send the first data. See attached fix.
Created attachment 75282 [details] Allow empty continuation for GSSAPI authentication
Created attachment 75634 [details] Cleaned up patch file (now against KDE 4.9.4)
*** Bug 311456 has been marked as a duplicate of this bug. ***
Problem still present in 4.10RC1.
After upgrading from Fedora 18 to Fedora 19, I now have this issue as well.
*** This bug has been confirmed by popular vote. ***
The IMAP resource has a new maintainer, reassigning to him.
So does he maintain it at all?
Christian, Can you take a look at the small patch attached to this bug. Looks ok to me, but I'm not a GSSAPI user. I'm not sure any of us developers use GSSAPI hence why this bug has been sitting for years. I plan to use the patch locally for a bit and see if anything breaks for me.
The patch looks indeed harmless. If you can give it a try (to see wether non GSSAPI usage breaks somehow) we could indeed merge it if it solves the issue.
Git commit e463b6e644318c5da502f9328abf8069173ee4bc by Allen Winter. Committed on 06/09/2015 at 15:28. Pushed by winterz into branch 'KDE/4.14'. kimap/loginjob.cpp - support for GSSAPI authentication patch by eifert almost 3 years ago. ok'd by Christian MERGE: looks safe for merging to modern versions M +7 -1 kimap/loginjob.cpp http://commits.kde.org/kdepimlibs/e463b6e644318c5da502f9328abf8069173ee4bc
I'm afraid this still doesn't work. After enabling GSSAPI authentication, I get this error when I try to access a folder: "Unable to fetch item from backend (collection -1): Unable to retrieve item from resource: Der Auftrag wurde abgebrochen" And the account goes into offline mode. Version information: % dpkg --list|awk '/kmail|kontact|akonadi/ {print $2": "$3}' :( akonadi-backend-postgresql: 1.13.0-8 akonadi-backend-sqlite: 1.13.0-8 akonadi-server: 1.13.0-8 akonadiconsole: 4:4.14.10-2 kmail: 4:4.14.10-2 kontact: 4:4.14.10-2 libakonadi-calendar4: 4:4.14.10-1 libakonadi-contact4: 4:4.14.10-1 libakonadi-kabc4: 4:4.14.10-1 libakonadi-kcal4: 4:4.14.10-1 libakonadi-kde4: 4:4.14.10-1 libakonadi-kmime4: 4:4.14.10-1 libakonadi-notes4: 4:4.14.10-1 libakonadiprotocolinternals1: 1.13.0-8 libkontactinterface4a: 4:4.14.10-1
Just updated my system to Debian Buster which ships kmail 5.7.3. After more than 7(!) years, I'm finally able to authenticate with GSSAPI again. Congratulations!