authentication problems

authentication problems

[Austin F. Frank]

[-- Attachment #1: Type: text/plain, Size: 992 bytes --]

Hi all--

Thanks for the recent hard work.  Gnus is even more fun to use now that
g is fast.

I'm writing because I'm trying to get my .authinfo.gpg set up
correctly.  I thought I had it working, but recently my logins have
stopped working.  The problem is that the user is being passed in as
nil, even though it's defined in .authinfo.gpg.  Here are the (I think)
relevant parts of my config.

.authinfo.gpg:

machine mail.example.com user aufrank password not_really_my_password

.gnus:

(add-to-list 'gnus-secondary-select-methods
             '(nnimap "example"
                      (nnimap-address "mail.example.com")
                      (nnimap-stream ssl)))

and the *imap log* buffer

14:55:59 1 LOGIN nil not_really_my_password


Any debugging tips to help me chase down why my username isn't making it
into the imap login attempt?


Thanks,
/au

-- 
Austin Frank
http://aufrank.net
GPG Public Key (D7398C2F): http://aufrank.net/personal.asc

[-- Attachment #2: Type: application/pgp-signature, Size: 194 bytes --]

Re: authentication problems

[Ted Zlatanov]

On Fri, 24 Sep 2010 15:12:24 -0400 "Austin F. Frank" <austin.frank@gmail.com> wrote: 

AFF> I'm writing because I'm trying to get my .authinfo.gpg set up
AFF> correctly.  I thought I had it working, but recently my logins have
AFF> stopped working.  The problem is that the user is being passed in as
AFF> nil, even though it's defined in .authinfo.gpg.  Here are the (I think)
AFF> relevant parts of my config.

AFF> .authinfo.gpg:

AFF> machine mail.example.com user aufrank password not_really_my_password

AFF> .gnus:

AFF> (add-to-list 'gnus-secondary-select-methods
AFF>              '(nnimap "example"
AFF>                       (nnimap-address "mail.example.com")
AFF>                       (nnimap-stream ssl)))

AFF> and the *imap log* buffer

AFF> 14:55:59 1 LOGIN nil not_really_my_password

AFF> Any debugging tips to help me chase down why my username isn't making it
AFF> into the imap login attempt?

That setup looks OK.  Can you please set auth-source-debug to t and look
in *Messages* for auth-source messages?

Thanks
Ted

Re: authentication problems

[Austin F. Frank]

[-- Attachment #1: Type: text/plain, Size: 1320 bytes --]

On Fri, Sep 24 2010, Ted Zlatanov wrote:

> That setup looks OK.  Can you please set auth-source-debug to t and
> look in *Messages* for auth-source messages?

Relevant lines:

#v+
auth-source-user-or-password: get (login password) for news.gmane.org (nntp) + user=nil
/Users/aufrank/.auth: 0% (0/1216)
/Users/aufrank/.auth: 100% (1216/1216)
/Users/aufrank/.auth: 0% (0/1216)
/Users/aufrank/.auth: 100% (1216/1216)
Reading /Users/aufrank/.newsrc.eld...
Reading ~/.gnus.registry.eld...done
Reading active file from news.gmane.org via nntp...
Reading active file from example via nnimap...
Opening nnimap server on example...
Opening TLS connection to `mail.example.com'...
Opening TLS connection with `gnutls-cli -p imaps mail.example.com'...done
Opening TLS connection to `mail.example.com'...done
auth-source-user-or-password: get (login password) for mail.example.com (143) + user=nil
/Users/aufrank/.auth: 0% (0/1216)
/Users/aufrank/.auth: 100% (1216/1216)
/Users/aufrank/.auth: 0% (0/1216)
/Users/aufrank/.auth: 100% (1216/1216)
auth-source-user-or-password: found (login password)=SECRET for mail.example.com (143) + nil
Opening nnimap server on haskins...failed
#v-


Thanks,
/au

-- 
Austin Frank
http://aufrank.net
GPG Public Key (D7398C2F): http://aufrank.net/personal.asc

[-- Attachment #2: Type: application/pgp-signature, Size: 194 bytes --]

Re: authentication problems

[Ted Zlatanov]

On Fri, 24 Sep 2010 16:29:15 -0400 "Austin F. Frank" <austin.frank@gmail.com> wrote: 

AFF> auth-source-user-or-password: get (login password) for mail.example.com (143) + user=nil
AFF> auth-source-user-or-password: found (login password)=SECRET for mail.example.com (143) + nil
AFF> Opening nnimap server on haskins...failed

Looks like it found something, at least (the password is blanked out
which sucks for debugging).

Can you repeat with `auth-source-hide-passwords' set to t and see if it
found the interesting data?  For me it works:

M-: (auth-source-user-or-password '("login" "password") "imap.lifelogs.com" 143)

("tzz" "mypasswordhere")

Ted

Re: authentication problems

[Austin F. Frank]

[-- Attachment #1: Type: text/plain, Size: 751 bytes --]

On Fri, Sep 24 2010, Ted Zlatanov wrote:

> Looks like it found something, at least (the password is blanked out
> which sucks for debugging).
>
> Can you repeat with `auth-source-hide-passwords' set to t and see if it
> found the interesting data?  For me it works:
>
> M-: (auth-source-user-or-password '("login" "password")
> "imap.lifelogs.com" 143)
>
> ("tzz" "mypasswordhere")

I get

(nil "not_my_real_password")

I can send a cleartext version of my actual .authinfo.gpg to you
directly if that would help (with passwords replaced, of course).  This
feels like a typo in .authinfo.gpg, but I swear I don't see one.

/au

-- 
Austin Frank
http://aufrank.net
GPG Public Key (D7398C2F): http://aufrank.net/personal.asc

[-- Attachment #2: Type: application/pgp-signature, Size: 194 bytes --]

Re: authentication problems

[Ted Zlatanov]

On Fri, 24 Sep 2010 17:03:00 -0400 "Austin F. Frank" <austin.frank@gmail.com> wrote: 

AFF> On Fri, Sep 24 2010, Ted Zlatanov wrote:
>> Looks like it found something, at least (the password is blanked out
>> which sucks for debugging).
>> 
>> Can you repeat with `auth-source-hide-passwords' set to t and see if it
>> found the interesting data?  For me it works:
>> 
>> M-: (auth-source-user-or-password '("login" "password")
>> "imap.lifelogs.com" 143)
>> 
>> ("tzz" "mypasswordhere")

AFF> I get

AFF> (nil "not_my_real_password")

AFF> I can send a cleartext version of my actual .authinfo.gpg to you
AFF> directly if that would help (with passwords replaced, of course).  This
AFF> feels like a typo in .authinfo.gpg, but I swear I don't see one.

I think you need to run `M-x auth-source-forget-all-cached' to clear the
data cache.  That avoids reopening the authinfo file every time.  I
think that should be run automatically for you but I'm not sure.

Ted

Re: authentication problems

[Ted Zlatanov]

On Fri, 24 Sep 2010 16:24:09 -0500 Ted Zlatanov <tzz@lifelogs.com> wrote: 

TZ> I think you need to run `M-x auth-source-forget-all-cached' to clear the
TZ> data cache.  That avoids reopening the authinfo file every time.  I
TZ> think that should be run automatically for you but I'm not sure.

I mean I'm not sure if that's a good idea.  It's definitely not
happening automatically now.

Ted

Re: authentication problems

[Austin F. Frank]

[-- Attachment #1: Type: text/plain, Size: 2090 bytes --]

On Fri, Sep 24 2010, Ted Zlatanov wrote:

>>> M-: (auth-source-user-or-password '("login" "password")
>>> "imap.lifelogs.com" 143)
>>> 
>>> ("tzz" "mypasswordhere")
>
> AFF> I get
>
> AFF> (nil "not_my_real_password")
>
> AFF> I can send a cleartext version of my actual .authinfo.gpg to you
> AFF> directly if that would help (with passwords replaced, of course).
> AFF> This feels like a typo in .authinfo.gpg, but I swear I don't
> AFF> see one.
>
> I think you need to run `M-x auth-source-forget-all-cached' to clear
> the data cache.  That avoids reopening the authinfo file every time.
> I think that should be run automatically for you but I'm not sure.

I ran the forget function and then checked the variable
auth-source-cache to confirm that it was empty.  The output in the
*Messages* buffer hasn't changed, though.

#v+
Opening nnimap server on example...
Opening TLS connection to `mail.example.com'...
Opening TLS connection with `gnutls-cli -p imaps mail.example.com'...failed
Opening TLS connection with `gnutls-cli -p imaps mail.example.com --protocols ssl3'...failed
Opening TLS connection with `openssl s_client -connect mail.example.com:imaps -no_ssl2 -ign_eof'...done
Opening TLS connection to `mail.example.com'...done
auth-source-user-or-password: get (login password) for mail.example.com (143) + user=nil
/Users/aufrank/.auth: 0% (0/1216)
/Users/aufrank/.auth: 100% (1216/1216)
/Users/aufrank/.auth: 0% (0/1216)
/Users/aufrank/.auth: 100% (1216/1216)
auth-source-user-or-password: found (login password)=SECRET for mail.example.com (143) + nil
Opening nnimap server on example...failed
Server denied access
#v-

Looking through that log, the first two TLS failures are expected, the
site uses a self-signed certificate.  I enter the password for the key
that signed my .authinfo.gpg, and it reports finding the relevant line,
but still doesn't find the user name.

Thanks again for your help chasing this down!
/au

-- 
Austin Frank
http://aufrank.net
GPG Public Key (D7398C2F): http://aufrank.net/personal.asc

[-- Attachment #2: Type: application/pgp-signature, Size: 194 bytes --]

Re: authentication problems

[Ted Zlatanov]

On Sat, 25 Sep 2010 10:25:34 -0400 "Austin F. Frank" <austin.frank@gmail.com> wrote: 

AFF> On Fri, Sep 24 2010, Ted Zlatanov wrote:
>>>> M-: (auth-source-user-or-password '("login" "password")
>>>> "imap.lifelogs.com" 143)
>>>> 
>>>> ("tzz" "mypasswordhere")
>> 
AFF> I get
>> 
AFF> (nil "not_my_real_password")
>> 
AFF> I can send a cleartext version of my actual .authinfo.gpg to you
AFF> directly if that would help (with passwords replaced, of course).
AFF> This feels like a typo in .authinfo.gpg, but I swear I don't
AFF> see one.
>> 
>> I think you need to run `M-x auth-source-forget-all-cached' to clear
>> the data cache.  That avoids reopening the authinfo file every time.
>> I think that should be run automatically for you but I'm not sure.

AFF> I ran the forget function and then checked the variable
AFF> auth-source-cache to confirm that it was empty.  The output in the
AFF> *Messages* buffer hasn't changed, though.
AFF> #v+
AFF> Opening nnimap server on example...
AFF> Opening TLS connection to `mail.example.com'...
AFF> Opening TLS connection with `gnutls-cli -p imaps mail.example.com'...failed
AFF> Opening TLS connection with `gnutls-cli -p imaps mail.example.com --protocols ssl3'...failed
AFF> Opening TLS connection with `openssl s_client -connect mail.example.com:imaps -no_ssl2 -ign_eof'...done
AFF> Opening TLS connection to `mail.example.com'...done
AFF> auth-source-user-or-password: get (login password) for mail.example.com (143) + user=nil
AFF> /Users/aufrank/.auth: 0% (0/1216)
AFF> /Users/aufrank/.auth: 100% (1216/1216)
AFF> /Users/aufrank/.auth: 0% (0/1216)
AFF> /Users/aufrank/.auth: 100% (1216/1216)
AFF> auth-source-user-or-password: found (login password)=SECRET for mail.example.com (143) + nil
AFF> Opening nnimap server on example...failed
AFF> Server denied access
AFF> #v-

AFF> Looking through that log, the first two TLS failures are expected, the
AFF> site uses a self-signed certificate.  I enter the password for the key
AFF> that signed my .authinfo.gpg, and it reports finding the relevant line,
AFF> but still doesn't find the user name.

I think this is fixed now.  Can you test?

Thanks
Ted