Bug#628525: libsasl2-modules-gssapi-mit: authentication now fails always
brian m. carlson
sandals at crustytoothpaste.net
Sun May 29 19:51:32 UTC 2011
Package: libsasl2-modules-gssapi-mit
Version: 2.1.24~rc1.dfsg1+cvs2011-05-23-2
Severity: grave
I use Kerberos 5 for my IMAP and SMTP servers. Previously, everything
worked flawlessly. Now, mutt crashes on trying to store a message in
the Sent folder, and cyrus-clients-2.4's imtest and smtptest report
failure to authenticate with GSSAPI:
lakeview ok % imtest -t "" -m GSSAPI -a bmc -u bmc imap.crustytoothpaste.net
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED AUTH=GSSAPI] Dovecot ready.
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now.
verify error:num=20:unable to get local issuer certificate
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=GSSAPI
S: C01 OK Pre-login capabilities listed, post-login capabilities have more.
C: A01 AUTHENTICATE GSSAPI YIICiwYJKoZIhvcSAQICAQBuggJ6MIICdqADAgEFoQMCAQ6iBwMFAAAAAACjggGHYYIBgzCCAX+gAwIBBaEWGxRDUlVTVFlUT09USFBBU1RFLk5FVKIuMCygAwIBA6ElMCMbBGltYXAbG2Nhc3Ryby5jcnVzdHl0b290aHBhc3RlLm5ldKOCAS4wggEqoAMCARKhAwIBA6KCARwEggEY5reXqwcg0WR+ETBz73n1QUtnDTrjSe5vCjmFmk26vFaNU880mW+rcoV4hID9uw6OgTooVQE72qtjeRVhucou5f2Pio5cIJbiHQC6J5vDX8hFwXVT6I7kUJDYxKk35FoO2Ibg48Qr6GWURsuJB5sat8ckKuf4Ak64bCginAO+axm4kwFHHWG+6Kjzdheavd79YpToY5eyY8BoxRcqI3tDIwQOrX1xYK3mQWx38UaVojFDWpy96bpmLARKkxrPrxquzqAlmBTM/mevVMO8QtA6D7zwTSXa69qIi/zrb4c6ooZLtco2VoC996RLxxKWTYHoQGjKDAswkTEG9WqkyJslBap1Xba/s+fs3xQzLrInxLRl+FQTiI4RYqSB1TCB0qADAgESooHKBIHHtDYwVHiLz7F+4HJ+YuBGC+TIbFylSvVX0B8afUMUxyKXYQ4eVu4700nJ5Pj0K3ipY4sZIEZ6TYhSlcMH4TNWwBSb/GV0GM1FC+B9WCwJ0RSEfKf0C49r+De51SUwXPW5rM5aMauKnmbaAiEQ1MCjTnvwTrWHYo/2T21OkouvSrt/2p7aZKaM+P6c5rwVW+DlsGoSooezWVxRvLCf4wArFK2IVbwIsYRXJ38puE2qq8UNyqx1RT6nmM7DUzHfbTATOhQLSdy4nA==
S: +
C: *
Authentication failed. generic failure
Security strength factor: 256
A01 BAD Authentication aborted by client.
L01 LOGOUT
* BYE Logging out
L01 OK Logout completed.
Connection closed.
lakeview ok % smtptest -t "" -m GSSAPI -a bmc -u bmc smtp.crustytoothpaste.net
S: 220 castro.crustytoothpaste.net ESMTP Sendmail 8.14.4/8.14.4/Debian-2; Sun, 29 May 2011 19:45:44 GMT; (No UCE/UBE) logging access from: [IPv6:2001:470:1f05:79:216:d3ff:feb3:801e](FAIL)-[IPv6:2001:470:1f05:79:216:d3ff:feb3:801e]
C: EHLO smtptest
S: 250-castro.crustytoothpaste.net Hello [IPv6:2001:470:1f05:79:216:d3ff:feb3:801e], pleased to meet you
S: 250-ENHANCEDSTATUSCODES
S: 250-PIPELINING
S: 250-EXPN
S: 250-VERB
S: 250-8BITMIME
S: 250-SIZE
S: 250-DSN
S: 250-ETRN
S: 250-AUTH GSSAPI CRAM-MD5 DIGEST-MD5
S: 250-STARTTLS
S: 250-DELIVERBY
S: 250 HELP
C: STARTTLS
S: 220 2.0.0 Ready to start TLS
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
C: EHLO smtptest
S: 250-castro.crustytoothpaste.net Hello [IPv6:2001:470:1f05:79:216:d3ff:feb3:801e], pleased to meet you
S: 250-ENHANCEDSTATUSCODES
S: 250-PIPELINING
S: 250-EXPN
S: 250-VERB
S: 250-8BITMIME
S: 250-SIZE
S: 250-DSN
S: 250-ETRN
S: 250-AUTH GSSAPI CRAM-MD5 DIGEST-MD5 PLAIN
S: 250-DELIVERBY
S: 250 HELP
C: AUTH GSSAPI
S: 334
C: YIICiwYJKoZIhvcSAQICAQBuggJ6MIICdqADAgEFoQMCAQ6iBwMFAAAAAACjggGHYYIBgzCCAX+gAwIBBaEWGxRDUlVTVFlUT09USFBBU1RFLk5FVKIuMCygAwIBA6ElMCMbBHNtdHAbG2Nhc3Ryby5jcnVzdHl0b290aHBhc3RlLm5ldKOCAS4wggEqoAMCARKhAwIBAqKCARwEggEYV0x6ecoU3d3mHm6z9vwtboNFpb3KkkkZQ5rDf8Mlz9XV+Gi7ogvv5bXEECNDfFqXfTsal+vIyUsy8ItMGEUzXHvj6SoYDMM//umHk/q6LCKTrZmj0YkhwFEa6hXloRRpg9f8RLznOIPppHCfqUYzMEdhPIM3sH9bddRThTL3SwjHO/HzBjxinB6HJLNZUIxHn4uE39qNR5H4P/cbnGP8kprt28JN1LqTS9jcRXaJ4jm986cDvoBrEZ6xhXiUAniNuVMKlcGkWYTkoeDxRfJRUdxwhHQV40GJvgyIQG7/BEjRYMghAmWQzQwGRWASIDKluAxVbGuPRsgYdpcRNLv0yooATABCtdOdNRPED1iQQrkTnVJvCYTfdqSB1TCB0qADAgESooHKBIHHOinl6v8FtOdETIIWX8xkpzk8CNOS032OYgZRiPyaLeZ1cAZlLLyadZ4b1XhajP/L+HmQw4/sUuEEBDKVjzGssR5WbczQsvzn7rqrgyy7BnXof+GERDWiivU3zNRV2YArA0FB1KsXhpr2/Ujf9ZsaHKGTv73AXTtUw4j0ZNETgG8NTHZ+2bUMMYgZbQ7wLSWcSkXgjx8e3LO5Z1j1adbjsY1f9y2NxVnQEcFMNjAi389sFbxEOHd7Q/rNJWhYxIKuanM1V7WeHg==
S: 334
C: *
Authentication failed. generic failure
Security strength factor: 256
501 5.0.0 AUTH aborted
QUIT
221 2.0.0 castro.crustytoothpaste.net closing connection
Connection closed.
If I downgrade to version 2.1.24~rc1.dfsg1+cvs2011-05-23-1, I still see
the bug, but 2.1.23.dfsg1-8 works fine.
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.39-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libsasl2-modules-gssapi-mit depends on:
ii libc6 2.13-4 Embedded GNU C Library: Shared lib
ii libcome 1.41.12-4 common error description library
ii libgssa 1.9+dfsg-1+b1 MIT Kerberos runtime libraries - k
ii libk5cr 1.9+dfsg-1+b1 MIT Kerberos runtime libraries - C
ii libkrb5 1.9+dfsg-1+b1 MIT Kerberos runtime libraries
ii libsasl 2.1.24~rc1.dfsg1+cvs2011-05-23-2 Cyrus SASL - pluggable authenticat
ii libssl1 1.0.0d-2 SSL shared libraries
libsasl2-modules-gssapi-mit recommends no packages.
libsasl2-modules-gssapi-mit suggests no packages.
-- no debconf information
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-cyrus-sasl2-debian-devel/attachments/20110529/1f57da65/attachment.pgp>
More information about the Pkg-cyrus-sasl2-debian-devel
mailing list