[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [msmtp-users] msmtp: support for authentication method GSSAPI is not compiled in / gssapi support for msmtp
Hi Simon,
I installed the heimdal package and then tried to include
kerberos-v5 support in the SASL but kerberos_v5 support is not inclueded
in the SASL build .below is the output of # ./configure
--enable-kerberos_v5
Checking if PLAIN should be used... yes
checking if LOGIN should be used... yes
checking if SECURID should be used... yes
checking for libntlm... yes
checking how to link with libntlm... /usr/local/lib/libntlm.so
-Wl,-rpath -Wl,/usr/local/lib
checking if NTLM should be used... yes
checking if CRAM-MD5 should be used... yes
checking if DIGEST-MD5 should be used... yes
configure: checking for GSS implementation (heimdal)
configure: trying Heimdal
checking for krb5-config... /usr/heimdal/bin/krb5-config
checking gssapi.h usability... yes
checking gssapi.h presence... yes
checking for gssapi.h... yes
checking if GS2 should be used... no
checking if GSSAPI should be used... yes
checking for libshishi... no
configure: WARNING: GNU Shishi not found, disabling KERBEROS_V5
checking if KERBEROS_V5 should be used... no
checking for libidn... no
configure: WARNING: GNU Libidn not found. Stringprep disabled.
checking if non-ASCII support via Libidn should be built... No
I also tried with MIT kerberos package 1.6.1
It always look for libshishi support.then I installed the shishi-0.0.35
version and tried but I got some compilation error when the
--enable-kerberos_v5 flag is on .
without shishi kerberos_v5 support is possible in SASL?
Even kerberos_v5 is failed I am able to include the gssapi support in
msmtp.
Localhost:~/SMTP__AUTH# msmtp --version
msmtp version 1.4.14
TLS/SSL library: none
Authentication library: GNU SASL
Supported authentication methods:
plain cram-md5 digest-md5 gssapi external login ntlm
IDN support: disabled
NLS: enabled, LOCALEDIR is /usr/local/share/locale
System configuration file name: /usr/local/etc/msmtprc
User configuration file name: /root/.msmtprc
But the gssappi authentication is failing.Follwing is the output of
gsasl --smtp command and msmtp --auth command
localhost:~# gsasl --smtp labmail.com
Trying `labmail.com'...
220 tmail.labmail.com Microsoft ESMTP MAIL Service, Version:
5.0.2195.6713 ready at Fri, 25 Apr 2008 15:10:12 -1000
EHLO [127.0.0.1]
250-tmail.labmail.com Hello [172.168.8.92]
250-TURN
250-ATRN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
AUTH GSSAPI
334 GSSAPI supported
gsasl: mechanism error: Base 64 coding error in SASL library
localhost~# msmtp -d --auth=gssapi acc@...148...
using account default from /root/.msmtprc
host = labmail.com
port = 25
timeout = off
protocol = smtp
domain = localhost
auth = GSSAPI
user = acc
password = *
ntlmdomain = (not set)
tls = off
tls_starttls = on
tls_trust_file = (not set)
tls_key_file = (not set)
tls_cert_file = (not set)
tls_certcheck = on
tls_force_sslv3 = off
auto_from = off
maildomain = (not set)
from = ebx@...45...
dsn_notify = (not set)
dsn_return = (not set)
keepbcc = off
logfile = (not set)
syslog = (not set)
reading recipients from the command line
<-- 220 tmail.labmail.com Microsoft ESMTP MAIL Service, Version:
5.0.2195.6713 ready at Fri, 25 Apr 2008 15:14:00 -1000
--> EHLO localhost
<-- 250-tmail.labmail.com Hello [172.168.8.92]
<-- 250-TURN
<-- 250-ATRN
<-- 250-SIZE
<-- 250-ETRN
<-- 250-PIPELINING
<-- 250-DSN
<-- 250-ENHANCEDSTATUSCODES
<-- 250-8bitmime
<-- 250-BINARYMIME
<-- 250-CHUNKING
<-- 250-VRFY
<-- 250-X-EXPS GSSAPI NTLM LOGIN
<-- 250-X-EXPS=LOGIN
<-- 250-AUTH GSSAPI NTLM LOGIN
<-- 250-AUTH=LOGIN
<-- 250-X-LINK2STATE
<-- 250-XEXCH50
<-- 250 OK
msmtp: GNU SASL: GSSAPI error in client while negotiating security
context in gss_init_sec_context() in SASL library. This is most likely
due insufficient credentials or malicious interactions.
msmtp: could not send mail (account default from /root/.msmtprc)
Thanks®ards,
Ilango
-----Original Message-----
From: Simon Josefsson [mailto:simon@...143...]
Sent: Thursday, April 24, 2008 6:05 PM
To: Ilangovan Muthiah (WT01 - Embedded & Product Engineering)
Cc: msmtp-users@lists.sourceforge.net
Subject: Re: msmtp: support for authentication method GSSAPI is not
compiled in / gssapi support for msmtp
<ilangovan.muthiah@...140...> writes:
> Hi Simon
> Thanks for your reply
> As you are assumming ,I want to use the Kerberos v5 auth mechanism
> under gssapi.Now I have installed MIT Kerberos package version
> krb5-1.6.1 as you suggest but still I am having the same problem.I
> don't know much about kerberos client configuration.I have configured
> the krb5.conf file only .I have no idea about what and
> all need to be configured.
You need to run 'kinit' on the client to get a Kerberos ticket, which
requires that you have a KDC somewhere. The SMTP server you use must
typically also be part of the same Kerberos realm.
Sorry for confusing the problem by talking about hostkeys, that is only
required on the server side, and it seems you are on the client side.
/Simon