[Dovecot] GSSAPI auth failing for kmail
Timo Sirainen
tss at iki.fi
Thu Mar 1 14:04:30 EET 2012
On Fri, 2012-03-02 at 00:57 +1300, Mark Davies wrote:
>
> On 03/02/12 00:52, Timo Sirainen wrote:
> >> so what bit of the code should I be looking at to see what happens
> >> between the "security context state completed" and the "client out"?
> >
> > All of the code is in mech-gssapi.c
>
> Yes, I'm just trying to work out the flow of the calls in and out of there.
The problem is that that mech_gssapi_sec_context() calls
gss_accept_sec_context(), which is supposed to return some output in
output_token, but it doesn't. So I don't think there's anything in
Dovecot code that is helpful in debugging this. You'd have to look into
the GSSAPI/Kerbereros libraries.
> > Are these working vs. non-working Dovecots in same or different servers?
>
> All the working and non working connections are against a single dovecot
> instance, just using different clients.
Oh. So GSSAPI in general is working, just not with kmail. I think if you
downgraded to Dovecot v2.0 in your current system it would fail as well.
The difference between your previously working system and currently
working system is the GSSAPI/Kerberos libraries.
More information about the dovecot
mailing list