Bug#448499: cyrus-clients-2.3: imtest fails with Dovecot/GSSAPI: invalid response length

Benjamin Seidenberg benjamin at debian.org
Mon Oct 29 15:34:17 UTC 2007 

severity 448499 minor
thanks

Brian:

This is definitely interesting. It's very difficult to tell what's going
on since the relevant part (what's different) was blacked out. I'd be
interested in what happens if you try -a instead of -u.

Since imtest works fine with -u, and the default is just a matter of
convenience and the failure is trivial to work around, I'm going to drop
the severity of this bug to minor. I don't have much time at the moment
to debug it, but I'll definitely leave the bug open.

Benjamin


brian m. carlson wrote:
> Package: cyrus-clients-2.3
> Version: 2.3.8-1
> Severity: normal
> File: /usr/bin/imtest
>
> imtest fails to authenticate against Dovecot using GSSAPI, unless I
> use the -u option.
>
> mutt and evolution work fine, both using STARTTLS and GSSAPI.  Whether
> I use STARTTLS (-t "") has no bearing on whether or not imtest works. 
> Note that authentication *does* work if I use -u bmc to specify the
> authorization user ID, but it shouldn't require that, since I'm logged
> into the client machine as bmc.
>
> Client side:
> lakeview no % imtest -m GSSAPI castro
> S: * OK Dovecot ready.
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND
> UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS STARTTLS
> LOGINDISABLED AUTH=GSSAPI
> S: C01 OK Capability completed.
> C: A01 AUTHENTICATE GSSAPI ...
> S: + ...
> C: S: + ...
> C: ...
> S: A01 NO Authentication failed.
> Authentication failed. generic failure
> Security strength factor: 0
> * LOGOUT
> * BYE Logging out
> * OK Logout completed.
> Connection closed.
>
> lakeview ok % imtest -m GSSAPI -u bmc castro                  S: * OK
> Dovecot ready.
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND
> UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS STARTTLS
> LOGINDISABLED AUTH=GSSAPI
> S: C01 OK Capability completed.
> C: A01 AUTHENTICATE GSSAPI ...
> S: + ...
> C: S: + ...
> C: ...
> S: A01 OK Logged in.
> Authenticated.
> Security strength factor: 0
> * LOGOUT
> * BYE Logging out
> * OK Logout completed.
> Connection closed.
>
> lakeview ok % whoami
> bmc
>
>
> Server side:
> Oct 29 09:31:28 castro dovecot: auth(default):
> gssapi(?,::ffff:172.16.2.249): Invalid response length
> Oct 29 09:31:35 castro dovecot: imap-login: Aborted login:
> method=GSSAPI, rip=::ffff:172.16.2.249, lip=::ffff:98.197.197.167, TLS
> Oct 29 10:14:21 castro dovecot: imap-login: Login: user=<bmc>,
> method=GSSAPI, rip=::ffff:172.16.2.249, lip=::ffff:98.197.197.167
> Oct 29 10:14:24 castro dovecot: IMAP(bmc): Disconnected: Logged out
>
> Actual data is omitted and replaced with "...", because I'm not sure
> whether any sensitive information is passed.  If no sensitive
> information is passed, or that information can be readily destroyed
> (say, with kdestroy and kinit), then I'm happy to provide a full
> transcript.  If a DD really needs a test account, I'm happy to provide
> one of those, too; simply send me an email with your preferred username.
>
> -- System Information:
> Debian Release: lenny/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.23-1-amd64 (SMP w/2 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> (ignored: LC_ALL set to en_US.UTF-8)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages cyrus-clients-2.3 depends on:
> ii  libc6                    2.6.1-6         GNU C Library: Shared
> libraries
> ii  libdb4.4                 4.4.20-11       Berkeley v4.4 Database
> Libraries [
> ii  libsasl2-2               2.1.22.dfsg1-16 Cyrus SASL -
> authentication abstra
> ii  libssl0.9.8              0.9.8g-1        SSL shared libraries
>
> cyrus-clients-2.3 recommends no packages.
>
> -- no debconf information
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Pkg-Cyrus-imapd-Debian-devel mailing list
> Pkg-Cyrus-imapd-Debian-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-cyrus-imapd-debian-devel


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-cyrus-imapd-debian-devel/attachments/20071029/2b280499/attachment-0001.pgp

More information about the Pkg-Cyrus-imapd-Debian-devel mailing list