From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/61373 Path: news.gmane.org!not-for-mail From: Boris Samorodov Newsgroups: gmane.emacs.gnus.general Subject: nnimap doesn't work with: stream gssapi, auth gssapi and SSL/TLS Date: Wed, 16 Nov 2005 11:54:38 +0300 Message-ID: <62932049@srv.sem.ipt.ru> NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1132131477 10800 80.91.229.2 (16 Nov 2005 08:57:57 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Wed, 16 Nov 2005 08:57:57 +0000 (UTC) Original-X-From: ding-owner+m9905@lists.math.uh.edu Wed Nov 16 09:57:47 2005 Return-path: Original-Received: from malifon.math.uh.edu ([129.7.128.13]) by ciao.gmane.org with esmtp (Exim 4.43) id 1EcJ5X-0000s0-TA for ding-account@gmane.org; Wed, 16 Nov 2005 09:56:20 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu ident=lists) by malifon.math.uh.edu with smtp (Exim 3.20 #1) id 1EcJ5T-0005p8-00; Wed, 16 Nov 2005 02:56:15 -0600 Original-Received: from nas01.math.uh.edu ([129.7.128.39]) by malifon.math.uh.edu with esmtp (Exim 3.20 #1) id 1EcJ4v-0005p2-00 for ding@lists.math.uh.edu; Wed, 16 Nov 2005 02:55:41 -0600 Original-Received: from quimby.gnus.org ([80.91.224.244]) by nas01.math.uh.edu with esmtp (Exim 4.52) id 1EcJ4p-0006Ae-LT for ding@lists.math.uh.edu; Wed, 16 Nov 2005 02:55:41 -0600 Original-Received: from mail.ipt.ru ([80.253.10.82]) by quimby.gnus.org with esmtp (Exim 3.35 #1 (Debian)) id 1EcJ4m-0004X0-00 for ; Wed, 16 Nov 2005 09:55:32 +0100 Original-Received: from admin.sem.ipt.ru ([192.168.12.1] helo=srv.sem.ipt.ru) by mail.ipt.ru with esmtp (Exim 4.54 (FreeBSD)) id 1EcJ4l-000O0j-ST; Wed, 16 Nov 2005 11:55:31 +0300 Original-Received: from bsam by srv.sem.ipt.ru with local (Exim 4.54 (FreeBSD)) id 1EcJ3u-000Icw-1Y; Wed, 16 Nov 2005 11:54:38 +0300 Original-To: ding@gnus.org User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (berkeley-unix) X-Spam-Score: -2.6 (--) Precedence: bulk Original-Sender: ding-owner@lists.math.uh.edu Xref: news.gmane.org gmane.emacs.gnus.general:61373 Archived-At: Hi! I've posted a bug report to news server, but it seems to be overloaded by spam. Here is the original message. Hello Bugfixing Girls and Boys, I have: $ uname srm FreeBSD 6.0-RELEASE i386 Gnus v5.11 GNU Emacs 22.0.50.3 (i386-unknown-freebsd6.0, X toolkit, Xaw3d scroll bars) of 2005-11-15 on srv.sem.ipt.ru -- from cvs a couple of hours ago. Cyrus IMAP4 v2.2.10 and it's imtest. OpenSSL 0.9.7e-p1 25 Oct 2004. Here is full .emacs[1] I'm playing with: ----- (setq imap-log t) (custom-set-variables '(gnus-select-method (quote (nnimap "host.ipt.ru" (nnimap-stream gssapi) (nnimap-authenticator gssapi) (nnimap-server-port 993)))) '(imap-gssapi-program (quote ("imtest -s -m gssapi -u %l -p %p %s")))) ----- When changing nnimap-server-port to 143 and deletting an "-s" option from imtest command, all goes well. But I'm expecting that GNUS should work with SSL/TLS, because imtest from console shows almost identical answers: ===== $ imtest -m gssapi -u bsam -p 143 -c host.ipt.ru S: * OK host.ipt.ru Cyrus IMAP4 v2.2.10 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS AUTH=NTLM AUTH=GSSAPI AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR X-NETSCAPE S: C01 OK Completed C: A01 AUTHENTICATE GSSAPI YIICHgYJKoZIhvcSAQICAQBuggINMIICCaADAgEFoQMCAQ6iBwMFACAAAACjggEtYYIBKTCCASWgAwIBBaEIGwZJUFQuUlWiIjAgoAMCAQGhGTAXGwRpbWFwGw9zZXJ2aWNlcy5pcHQucnWjge8wgeygAwIBEKEDAgEBooHfBIHcXMnkn3rSFCKd7w+IaOHP/g0gSsuGZda15MYl7PImF9gHPTKNGtcNkmKedg5cFI97Jp9WEYjfGuiFCiPUqSYugV1gceWZPnzVtp8RNBLe3WRYzAhsygVBFwkfSKrouT1+2apkYVII3kFcq9Bgac88Hzqfe2owAEZKC9JMTUCds8Lm157LdzlGCpMdZYCA7lYtyoqUbvsYwtQ3t1z1sI2Q2cfGz74goIa+dsqIWWREDRCkJoQLuFjGjWxZn/DKPMl37vpOZ3SSFJ+x8Zj6R6UDjdzUf/ed7VOpKVRCqKSBwjCBv6ADAgEQooG3BIG08qWl1rrmHkof/1I3i55J8A01Pvm3eXnX0ojsT19Xwui8YWFoiKa269AbP2HMAlcaxc0/CIQacKm0np/pAmAtB07qDHAvyB6uE4ZRSbSsGlz4lV8H99BhML+GEeTR3ikjUvL04Isfqh785KEQZsEviHdxTUYvK63uuOulQUfWdk6UEQUbOasQkdQjV++rKSvNfqQhjDG3PdsjF9yjWI9ACyg4k4mPNtZGh08dyoGqSnk+1VuM S: + YGwGCSqGSIb3EgECAgIAb10wW6ADAgEFoQMCAQ+iTzBNoAMCARCiRgREsoVe9vaEBf7lX91zzmiUg/+kj5S2heWmQ3DoLDJ2zRa/073wM8ES14SmHf9scOXjn4fuV9phuro83GbnbrlKwnFmEdI= C: S: + YD8GCSqGSIb3EgECAgIBBAD/////9l8ZzJPvBLxN2sJ9qvQeADmgC4HdoytQXuowxsvMxdJYGtoGBwAQAAQEBAQ= C: YEcGCSqGSIb3EgECAgIBBAD/////6yCVW4FihR9OYWKwO5+9PRKJJnPrlGtrtLml71tIEbt+tJhiBAAEAGJzYW0ICAgICAgICA== S: A01 OK Success (privacy protection) Authenticated. Security strength factor: 56 $ imtest -s -m gssapi -u bsam -p 993 -c host.ipt.ru verify error:num=19:self signed certificate in certificate chain TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits) S: * OK host.ipt.ru Cyrus IMAP4 v2.2.10 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=NTLM AUTH=LOGIN AUTH=PLAIN AUTH=GSSAPI AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR X-NETSCAPE S: C01 OK Completed C: A01 AUTHENTICATE GSSAPI YIICHgYJKoZIhvcSAQICAQBuggINMIICCaADAgEFoQMCAQ6iBwMFACAAAACjggEtYYIBKTCCASWgAwIBBaEIGwZJUFQuUlWiIjAgoAMCAQGhGTAXGwRpbWFwGw9zZXJ2aWNlcy5pcHQucnWjge8wgeygAwIBEKEDAgEBooHfBIHcXMnkn3rSFCKd7w+IaOHP/g0gSsuGZda15MYl7PImF9gHPTKNGtcNkmKedg5cFI97Jp9WEYjfGuiFCiPUqSYugV1gceWZPnzVtp8RNBLe3WRYzAhsygVBFwkfSKrouT1+2apkYVII3kFcq9Bgac88Hzqfe2owAEZKC9JMTUCds8Lm157LdzlGCpMdZYCA7lYtyoqUbvsYwtQ3t1z1sI2Q2cfGz74goIa+dsqIWWREDRCkJoQLuFjGjWxZn/DKPMl37vpOZ3SSFJ+x8Zj6R6UDjdzUf/ed7VOpKVRCqKSBwjCBv6ADAgEQooG3BIG0Q2Qjbbyn2z7K9ClnjBYhS3EEcaaUjAmsqpiu4zJjnbmlkEt0qdtSRkibR5njj6B0DfGr+u/nYiHCQDeALpmuaNMuKqPss6Wk+VyZzpkh08GAlmSJEB2Q6vxaITGJ9v9RZNFM68VQ8pJTAH+DQUyToNueheJu0wb+VjmIOIQSKtRSKBHVlqbp+WHOE05xbMGtp4f0AKyInK9cIRcGXPmitb5npPDJOKyXjehZkoIXAqqPv6In S: + YGwGCSqGSIb3EgECAgIAb10wW6ADAgEFoQMCAQ+iTzBNoAMCARCiRgREGTbaGs8aP4WtNZww9igzxdVzesf7mlIo0b3fsFnvIuGEU5H4VLy/nwqQilcpi0wVxLw9iLB3my6aYekEKqa6uN1DCjU= C: S: + YD8GCSqGSIb3EgECAgIBBAD/////jZ8I74L8pN0laRB3w6Ds7wshBVtejlAVT0Tuip/76elMzu+dAQAQAAQEBAQ= C: YEcGCSqGSIb3EgECAgIBBAD/////OAiVSg7TbDaBUk+m4xXjLYJkphz4RRBydojKXr9wTl+KJqLXAQAEAGJzYW0ICAgICAgICA== S: A01 OK Success (tls protection) Authenticated. Security strength factor: 256 ===== As I can see, the main difference is that the latter answer is beginning with some error message (the certificate is self-signed). But authentication in fact was successful. When using config[1] and loading gnus emacs shows clocks as a cursor forever (actually, I didn't wait more that five minutes). Top shows emacs at select state, netstat shows that a connection with the server is established. Stream ssl, auth login and port 993 are working as a charm. Thank you for cooperation. And for the great soft as well! -- Boris B. Samorodov, Research Engineer InPharmTech Co, http://www.ipt.ru Telephone & Internet Service Provider