Bug#448499: cyrus-clients-2.3: imtest fails with Dovecot/GSSAPI: invalid response length

brian m. carlson sandals at crustytoothpaste.ath.cx
Mon Oct 29 14:16:26 UTC 2007 

Package: cyrus-clients-2.3
Version: 2.3.8-1
Severity: normal
File: /usr/bin/imtest

imtest fails to authenticate against Dovecot using GSSAPI, unless I use 
the -u option.

mutt and evolution work fine, both using STARTTLS and GSSAPI.  Whether I 
use STARTTLS (-t "") has no bearing on whether or not imtest works.  
Note that authentication *does* work if I use -u bmc to specify the 
authorization user ID, but it shouldn't require that, since I'm logged 
into the client machine as bmc.

Client side:
lakeview no % imtest -m GSSAPI castro
S: * OK Dovecot ready.
C: C01 CAPABILITY
S: * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS STARTTLS LOGINDISABLED AUTH=GSSAPI
S: C01 OK Capability completed.
C: A01 AUTHENTICATE GSSAPI ...
S: + ...
C: 
S: + ...
C: ...
S: A01 NO Authentication failed.
Authentication failed. generic failure
Security strength factor: 0
* LOGOUT
* BYE Logging out
* OK Logout completed.
Connection closed.

lakeview ok % imtest -m GSSAPI -u bmc castro                  
S: * OK Dovecot ready.
C: C01 CAPABILITY
S: * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS STARTTLS LOGINDISABLED AUTH=GSSAPI
S: C01 OK Capability completed.
C: A01 AUTHENTICATE GSSAPI ...
S: + ...
C: 
S: + ...
C: ...
S: A01 OK Logged in.
Authenticated.
Security strength factor: 0
* LOGOUT
* BYE Logging out
* OK Logout completed.
Connection closed.

lakeview ok % whoami
bmc


Server side:
Oct 29 09:31:28 castro dovecot: auth(default): gssapi(?,::ffff:172.16.2.249): Invalid response length
Oct 29 09:31:35 castro dovecot: imap-login: Aborted login: method=GSSAPI, rip=::ffff:172.16.2.249, lip=::ffff:98.197.197.167, TLS
Oct 29 10:14:21 castro dovecot: imap-login: Login: user=<bmc>, method=GSSAPI, rip=::ffff:172.16.2.249, lip=::ffff:98.197.197.167
Oct 29 10:14:24 castro dovecot: IMAP(bmc): Disconnected: Logged out

Actual data is omitted and replaced with "...", because I'm not sure 
whether any sensitive information is passed.  If no sensitive 
information is passed, or that information can be readily destroyed 
(say, with kdestroy and kinit), then I'm happy to provide a full 
transcript.  If a DD really needs a test account, I'm happy to provide 
one of those, too; simply send me an email with your preferred username.

-- System Information:
Debian Release: lenny/sid
   APT prefers unstable
   APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.23-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages cyrus-clients-2.3 depends on:
ii  libc6                    2.6.1-6         GNU C Library: Shared libraries
ii  libdb4.4                 4.4.20-11       Berkeley v4.4 Database Libraries [
ii  libsasl2-2               2.1.22.dfsg1-16 Cyrus SASL - authentication abstra
ii  libssl0.9.8              0.9.8g-1        SSL shared libraries

cyrus-clients-2.3 recommends no packages.

-- no debconf information

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
a typesetting engine: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-cyrus-imapd-debian-devel/attachments/20071029/16a44655/attachment.pgp

More information about the Pkg-Cyrus-imapd-Debian-devel mailing list