Using KDE neon dev/unstable, kmail2 stopped retrieving mails from gmail. Deleting and creating a new resource results in the same problem. I think I traced the problem back to the imap resource and kimap not being able to authenticate with the server. When launching akonadi and kmail from the command line I get the following errors: org.kde.pim.kimap: Connection to server lost 0 org.kde.pim.imapresource: Session login cancelled org.kde.pim.kimap: sasl_client_start failed with: -4 "SASL(-4): no mechanism available: No worthy mechs found" and at the end of each sync attempt: qt.network.ssl: QSslSocket::startClientEncryption: cannot start handshake on non-plain connection This happens for both single and double factor authentication. All sasl and qca libraries and plugins are installed.
Please provide output of "pluginviewer -c"
> saslpluginviewer -c Installed and properly configured SASL (client side) mechanisms are: GSS-SPNEGO GSSAPI DIGEST-MD5 EXTERNAL NTLM CRAM-MD5 LOGIN PLAIN ANONYMOUS Available SASL (client side) mechanisms matching your criteria are: GSS-SPNEGO GSSAPI DIGEST-MD5 EXTERNAL NTLM CRAM-MD5 LOGIN PLAIN ANONYMOUS List of client plugins follows Plugin "gssapiv2" [loaded], API version: 4 SASL mechanism: GSS-SPNEGO, best SSF: 56 security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN|SUPPORTS_HTTP Plugin "gssapiv2" [loaded], API version: 4 SASL mechanism: GSSAPI, best SSF: 56 security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN Plugin "digestmd5" [loaded], API version: 4 SASL mechanism: DIGEST-MD5, best SSF: 128 security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH features: PROXY_AUTHENTICATION|NEED_SERVER_FQDN|SUPPORTS_HTTP Plugin "EXTERNAL" [loaded], API version: 4 SASL mechanism: EXTERNAL, best SSF: 0 security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_DICTIONARY features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION Plugin "ntlm" [loaded], API version: 4 SASL mechanism: NTLM, best SSF: 0 security flags: NO_ANONYMOUS|NO_PLAINTEXT features: WANT_CLIENT_FIRST|SUPPORTS_HTTP Plugin "crammd5" [loaded], API version: 4 SASL mechanism: CRAM-MD5, best SSF: 0 security flags: NO_ANONYMOUS|NO_PLAINTEXT features: SERVER_FIRST Plugin "login" [loaded], API version: 4 SASL mechanism: LOGIN, best SSF: 0 security flags: NO_ANONYMOUS|PASS_CREDENTIALS features: SERVER_FIRST Plugin "plain" [loaded], API version: 4 SASL mechanism: PLAIN, best SSF: 0 security flags: NO_ANONYMOUS|PASS_CREDENTIALS features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION Plugin "anonymous" [loaded], API version: 4 SASL mechanism: ANONYMOUS, best SSF: 0 security flags: NO_PLAINTEXT features: WANT_CLIENT_FIRST
Thanks for the update; changing status.
Confirmed on Arch Linux too after the update to 17.04 from 16.12
Installed and properly configured SASL (client side) mechanisms are: [0/81] SCRAM-SHA-1 DIGEST-MD5 EXTERNAL NTLM CRAM-MD5 LOGIN XOAUTH2 PLAIN ANONYMOUS Available SASL (client side) mechanisms matching your criteria are: SCRAM-SHA-1 DIGEST-MD5 EXTERNAL NTLM CRAM-MD5 LOGIN XOAUTH2 PLAIN ANONYMOUS List of client plugins follows Plugin "scram" [loaded], API version: 4 SASL mechanism: SCRAM-SHA-1, best SSF: 0 security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|MUTUAL_AUTH features: PROXY_AUTHENTICATION|CHANNEL_BINDING Plugin "digestmd5" [loaded], API version: 4 SASL mechanism: DIGEST-MD5, best SSF: 128 security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH features: PROXY_AUTHENTICATION|NEED_SERVER_FQDN|SUPPORTS_HTTP Plugin "EXTERNAL" [loaded], API version: 4 SASL mechanism: EXTERNAL, best SSF: 0 security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_DICTIONARY features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION Plugin "ntlm" [loaded], API version: 4 SASL mechanism: NTLM, best SSF: 0 security flags: NO_ANONYMOUS|NO_PLAINTEXT features: WANT_CLIENT_FIRST|SUPPORTS_HTTP Plugin "crammd5" [loaded], API version: 4 SASL mechanism: CRAM-MD5, best SSF: 0 security flags: NO_ANONYMOUS|NO_PLAINTEXT features: SERVER_FIRST Plugin "login" [loaded], API version: 4 SASL mechanism: LOGIN, best SSF: 0 security flags: NO_ANONYMOUS|PASS_CREDENTIALS features: SERVER_FIRST Plugin "kdexoauth2" [loaded], API version: 4 SASL mechanism: XOAUTH2, best SSF: 0 security flags: NO_ANONYMOUS|PASS_CREDENTIALS features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION Plugin "plain" [loaded], API version: 4 SASL mechanism: PLAIN, best SSF: 0 security flags: NO_ANONYMOUS|PASS_CREDENTIALS features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION Plugin "anonymous" [loaded], API version: 4 SASL mechanism: ANONYMOUS, best SSF: 0 security flags: NO_PLAINTEXT features: WANT_CLIENT_FIRST
I'm also seeing that with master & openSUSE (using cyrus-sasl 2.1.26) 22:42:38 - akonadi_imap_resource_7(24511) - org.kde.pim.kimap: : Connection to server lost 0 22:42:38 - akonadi_imap_resource_7(24511) - org.kde.pim.imapresource: : Session login cancelled 22:42:38 - akonadi_imap_resource_7(24511) - KWallet::Wallet::openWallet: Pass a valid window to KWallet::Wallet::openWallet(). 22:42:39 - akonadi_imap_resource_7(24511) - org.kde.pim.kimap: : sasl_client_start failed with: -4 "SASL(-4): no mechanism available: No worthy mechs found" Installed and properly configured SASL (client side) mechanisms are: SCRAM-SHA-1 GS2-IAKERB GS2-KRB5 GSSAPI GSS-SPNEGO DIGEST-MD5 EXTERNAL OTP CRAM-MD5 NTLM LOGIN PLAIN ANONYMOUS Available SASL (client side) mechanisms matching your criteria are: SCRAM-SHA-1 GS2-IAKERB GS2-KRB5 GSSAPI GSS-SPNEGO DIGEST-MD5 EXTERNAL OTP CRAM-MD5 NTLM LOGIN PLAIN ANONYMOUS List of client plugins follows Plugin "scram" [loaded], API version: 4 SASL mechanism: SCRAM-SHA-1, best SSF: 0 security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|MUTUAL_AUTH features: PROXY_AUTHENTICATION|CHANNEL_BINDING Plugin "gs2" [loaded], API version: 4 SASL mechanism: GS2-IAKERB, best SSF: 0 security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH features: WANT_CLIENT_FIRST|NEED_SERVER_FQDN|GSS_FRAMING|CHANNEL_BINDING Plugin "gs2" [loaded], API version: 4 SASL mechanism: GS2-KRB5, best SSF: 0 security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH features: WANT_CLIENT_FIRST|NEED_SERVER_FQDN|GSS_FRAMING|CHANNEL_BINDING Plugin "gssapiv2" [loaded], API version: 4 SASL mechanism: GSSAPI, best SSF: 56 security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN Plugin "gssapiv2" [loaded], API version: 4 SASL mechanism: GSS-SPNEGO, best SSF: 56 security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN|SUPPORTS_HTTP Plugin "digestmd5" [loaded], API version: 4 SASL mechanism: DIGEST-MD5, best SSF: 128 security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH features: PROXY_AUTHENTICATION|NEED_SERVER_FQDN|SUPPORTS_HTTP Plugin "EXTERNAL" [loaded], API version: 4 SASL mechanism: EXTERNAL, best SSF: 0 security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_DICTIONARY features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION Plugin "otp" [loaded], API version: 4 SASL mechanism: OTP, best SSF: 0 security flags: NO_ANONYMOUS|NO_PLAINTEXT|FORWARD_SECRECY features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION Plugin "crammd5" [loaded], API version: 4 SASL mechanism: CRAM-MD5, best SSF: 0 security flags: NO_ANONYMOUS|NO_PLAINTEXT features: SERVER_FIRST Plugin "ntlm" [loaded], API version: 4 SASL mechanism: NTLM, best SSF: 0 security flags: NO_ANONYMOUS|NO_PLAINTEXT features: WANT_CLIENT_FIRST|SUPPORTS_HTTP Plugin "login" [loaded], API version: 4 SASL mechanism: LOGIN, best SSF: 0 security flags: NO_ANONYMOUS|PASS_CREDENTIALS features: SERVER_FIRST Plugin "plain" [loaded], API version: 4 SASL mechanism: PLAIN, best SSF: 0 security flags: NO_ANONYMOUS|PASS_CREDENTIALS features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION Plugin "anonymous" [loaded], API version: 4 SASL mechanism: ANONYMOUS, best SSF: 0 security flags: NO_PLAINTEXT features: WANT_CLIENT_FIRST
(In reply to Christophe Giboudeaux from comment #6) > I'm also seeing that with master & openSUSE (using cyrus-sasl 2.1.26) > case solved here after exporting SASL_PATH to load the kdexoauth2 plugin from my local installation.
Luis, your KDE installation is not finding the kdexoauth2 SASL plugin. The plugin must be installed in /usr/lib(64)/sasl2, or you have to point SASL_PATH environment variable to the location where the plugin is installed (if you compile into non-standard prefix for instance). Andrea had a different problem where due to migration issue the IMAP resource wasn't using the correct authentication mechanism, we sorted that our on IRC.
Git commit c9ae16363e68d6958db0cd835cb0180b340594b5 by Daniel Vrátil. Committed on 22/04/2017 at 11:31. Pushed by dvratil into branch 'Applications/17.04'. [IMAP] Fix migration to new Gmail authentication Currently the settings would be migrated only if user opened the Settings dialog. The GmailPasswordRequester expects that the server settings is migrated correctly and always tries to authenticate via XOAUTH2, even if the configuration says "PLAIN" or other mechanism. This breaks login as we try to send XOAUTH2 tokens as PLAIN credentials. This change ensures that the encryption and auth mechanism settings is correctly migrated on resource startup. Related: bug 378857 M +12 -0 resources/imap/settings.cpp https://commits.kde.org/kdepim-runtime/c9ae16363e68d6958db0cd835cb0180b340594b5
There's a bug in Kubuntu/Neon packaging: https://bugs.kde.org/show_bug.cgi?id=379089 Closing as a downstream issue.