Bug 381459 - GSSAPI login not possible with kerberos5/cyrus resp. dovecot
Summary: GSSAPI login not possible with kerberos5/cyrus resp. dovecot
Status: RESOLVED WORKSFORME
Alias: None
Product: kimap
Classification: Frameworks and Libraries
Component: general (show other bugs)
Version: unspecified
Platform: Kubuntu Linux
: NOR normal
Target Milestone: ---
Assignee: kdepim bugs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-20 20:34 UTC by Robert Schöftner
Modified: 2022-12-06 05:20 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
communication log (254 bytes, text/plain)
2017-06-20 20:34 UTC, Robert Schöftner 		Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Schöftner 2017-06-20 20:34:30 UTC 
Created attachment 106200 [details]
communication log

login with authentication set to "GSSAPI" (kerberos5) via unencrypted connection is not possible, connection attempts time out.

MIT kerberos5, IMAP server cyrus 2.4 and dovecot 2.2.22, ubuntu 16.04 with kubuntu-backports.

thunderbird works ok. mutt works ok. cyrus imtest works ok. tickets are valid and working.

investigation reveals that something fishy happens in loginjob.cpp, if i change line 465 to

result = sasl_client_start(conn, authMode.toLatin1(), &client_interact, &out, &outlen, &mechusing);

everything seems to work. capabilities seems to be empty.
Comment 1 Robert Schöftner 2017-06-20 23:54:36 UTC 
It seems that 

* initial response with announcement of CAPABILITIES from the imap server (server greeting) is ignored
* therefore SASL-IR capability is not known
* AUTHENTICATE GSSAPI is sent so server
* server responds with continuation
* code is not prepared to handle continuation for this case.

checking the capabilities in the server greeting can't hurt IMHO, but nevertheless the continuation with authMode "GSSAPI" should be handled.
Comment 2 Robert Schöftner 2017-06-21 12:15:27 UTC 
The problem goes away when using TLS.
Comment 3 Justin Zobel 2022-11-06 09:24:39 UTC 
Thank you for reporting this issue in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the issue with a recent software version?

If you can reproduce the issue, please change the status to "REPORTED" when replying. Thank you!
Comment 4 Bug Janitor Service 2022-11-21 05:13:50 UTC 
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 5 Bug Janitor Service 2022-12-06 05:20:32 UTC 
This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!