Gnus development mailing list
From: Boris Samorodov <bsam@ipt.ru>
Subject: nnimap doesn't work with: stream gssapi, auth gssapi and SSL/TLS
Date: Wed, 16 Nov 2005 11:54:38 +0300
Message-ID: <62932049@srv.sem.ipt.ru>

Hi!

I've posted a bug report to the news server, but it seems to be overloaded
by spam. Here is the original message.

Hello Bugfixing Girls and Boys,


I have:
$ uname -srm
FreeBSD 6.0-RELEASE i386

Gnus v5.11
GNU Emacs 22.0.50.3 (i386-unknown-freebsd6.0, X toolkit, Xaw3d scroll bars)
 of 2005-11-15 on srv.sem.ipt.ru -- from cvs a couple of hours ago.
Cyrus IMAP4 v2.2.10 and its imtest. OpenSSL 0.9.7e-p1 25 Oct 2004.


Here is full .emacs[1] I'm playing with:
-----
(setq imap-log t)
(custom-set-variables
 '(gnus-select-method (quote
    (nnimap "host.ipt.ru"
      (nnimap-stream gssapi)
      (nnimap-authenticator gssapi)
      (nnimap-server-port 993))))
 '(imap-gssapi-program (quote ("imtest -s -m gssapi -u %l -p %p %s"))))
-----

When changing nnimap-server-port to 143 and deleting the "-s" option
from imtest command, all goes well. But I'm expecting that GNUS should
work with SSL/TLS, because imtest from console shows almost identical
answers:

=====
$ imtest -m gssapi -u bsam -p 143 -c host.ipt.ru
S: * OK host.ipt.ru Cyrus IMAP4 v2.2.10 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS AUTH=NTLM AUTH=GSSAPI AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR X-NETSCAPE
S: C01 OK Completed
C: A01 AUTHENTICATE GSSAPI
S: + YGwGCSqGSIb3EgECAgIAb10wW6ADAgEFoQMCAQ+iTzBNoAMCARCiRgREsoVe9vaEBf7lX91zzmiUg/+kj5S2heWmQ3DoLDJ2zRa/073wM8ES14SmHf9scOXjn4fuV9phuro83GbnbrlKwnFmEdI=
C: 
S: + YD8GCSqGSIb3EgECAgIBBAD/////9l8ZzJPvBLxN2sJ9qvQeADmgC4HdoytQXuowxsvMxdJYGtoGBwAQAAQEBAQ=
C: YEcGCSqGSIb3EgECAgIBBAD/////6yCVW4FihR9OYWKwO5+9PRKJJnPrlGtrtLml71tIEbt+tJhiBAAEAGJzYW0ICAgICAgICA==
S: A01 OK Success (privacy protection)
Authenticated.
Security strength factor: 56

$ imtest -s -m gssapi -u bsam -p 993 -c host.ipt.ru
verify error:num=19:self signed certificate in certificate chain
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK host.ipt.ru Cyrus IMAP4 v2.2.10 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=NTLM AUTH=LOGIN AUTH=PLAIN AUTH=GSSAPI AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR X-NETSCAPE
S: C01 OK Completed
C: A01 AUTHENTICATE GSSAPI
S: + YGwGCSqGSIb3EgECAgIAb10wW6ADAgEFoQMCAQ+iTzBNoAMCARCiRgREGTbaGs8aP4WtNZww9igzxdVzesf7mlIo0b3fsFnvIuGEU5H4VLy/nwqQilcpi0wVxLw9iLB3my6aYekEKqa6uN1DCjU=
C: 
S: + YD8GCSqGSIb3EgECAgIBBAD/////jZ8I74L8pN0laRB3w6Ds7wshBVtejlAVT0Tuip/76elMzu+dAQAQAAQEBAQ=
C: YEcGCSqGSIb3EgECAgIBBAD/////OAiVSg7TbDaBUk+m4xXjLYJkphz4RRBydojKXr9wTl+KJqLXAQAEAGJzYW0ICAgICAgICA==
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256
=====

As I can see, the main difference is that the latter answer is
beginning with some error message (the certificate is
self-signed). But authentication in fact was successful.

When using config[1] and loading Gnus, Emacs shows a clock as the cursor
forever (actually, I didn't wait more than five minutes). Top shows
Emacs in the select state, and netstat shows that a connection with the
server is established.

Stream ssl, auth login and port 993 are working like a charm.


Thank you for cooperation. And for the great soft as well!
-- 
Boris B. Samorodov, Research Engineer
InPharmTech Co,     http://www.ipt.ru
Telephone & Internet Service Provider
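
The two imtest runs quoted in the message differ in what precedes the IMAP greeting, in the protection layer, and in the reported security strength factor. The following is an added example, not part of the original message and not code from Gnus or Cyrus, that extracts those fields from an imtest transcript. The function name `summarize`, the `min_ssf` threshold and the shortened sample transcripts are assumptions made for illustration.

```python
import re

# Constructed samples: shortened from the two imtest runs quoted in the message
# (GSSAPI token lines dropped, capability lists trimmed).
PORT_143 = """S: * OK host.ipt.ru Cyrus IMAP4 v2.2.10 server ready
S: * CAPABILITY IMAP4rev1 STARTTLS AUTH=GSSAPI SASL-IR
S: A01 OK Success (privacy protection)
Authenticated.
Security strength factor: 56
"""
PORT_993 = """verify error:num=19:self signed certificate in certificate chain
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK host.ipt.ru Cyrus IMAP4 v2.2.10 server ready
S: * CAPABILITY IMAP4rev1 AUTH=LOGIN AUTH=PLAIN AUTH=GSSAPI SASL-IR
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256
"""

def summarize(transcript, min_ssf=128):
    """Summarize one imtest run. min_ssf is an assumed local policy value."""
    info = {"preamble": [], "verify_errors": [], "tls": None,
            "protection": None, "ssf": None, "findings": []}
    greeted = False
    for line in transcript.splitlines():
        if line.startswith("S: * OK"):
            greeted = True
        elif not greeted:
            info["preamble"].append(line)      # output before the IMAP greeting
        if m := re.match(r"verify error:num=(\d+):(.*)", line):
            info["verify_errors"].append((int(m.group(1)), m.group(2)))
        elif m := re.match(r"TLS connection established: (\S+) with cipher (\S+)", line):
            info["tls"] = (m.group(1), m.group(2))
        elif m := re.match(r"S: \S+ OK Success \((.+) protection\)", line):
            info["protection"] = m.group(1)
        elif m := re.match(r"Security strength factor: (\d+)", line):
            info["ssf"] = int(m.group(1))
    if info["verify_errors"]:
        info["findings"].append("certificate chain did not verify, session continued")
    if info["tls"] is None:
        info["findings"].append("no TLS; confidentiality depends on the SASL layer")
    if info["ssf"] is not None and info["ssf"] < min_ssf:
        info["findings"].append(f"SSF {info['ssf']} is below policy minimum {min_ssf}")
    return info

if __name__ == "__main__":
    for name, text in (("143", PORT_143), ("993", PORT_993)):
        print(name, summarize(text))
```
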


