Bug#624831: cyrus-clients-2.4: with TLS, falsely claims AUTH=GSSAPI not allowed
Dan White
dwhite at olp.net
Mon May 2 02:33:30 UTC 2011
This was fixed upstream recently. See:
http://bugzilla.cyrusimap.org/bugzilla3/show_bug.cgi?id=3444
On 01/05/11 22:27 +0000, brian m. carlson wrote:
>Package: cyrus-clients-2.4
>Version: 2.4.8-1
>Severity: normal
>File: /usr/bin/imtest
>
>I use Kerberos 5 and GSSAPI to authenticate to my IMAP server. If and
>only if I use TLS, imtest will claim (falsely) that AUTH=GSSAPI was not
>advertised by the server and refuses to use it to authenticate.
>
>Without TLS:
>
> lakeview ok % imtest -m gssapi -a bmc -u bmc castro.crustytoothpaste.net
> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED AUTH=GSSAPI] Dovecot ready.
>With TLS:
>
> lakeview ok % imtest -t "" -m gssapi -a bmc -u bmc castro.crustytoothpaste.net
> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED AUTH=GSSAPI] Dovecot ready.
> C: S01 STARTTLS
> S: S01 OK Begin TLS negotiation now.
> verify error:num=18:self signed certificate
> TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=GSSAPI
This was recently fixed in upstream. See:
http://bugzilla.cyrusimap.org/bugzilla3/show_bug.cgi?id=3444
--
Dan White
More information about the Pkg-Cyrus-imapd-Debian-devel
mailing list