[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [msmtp-users] msmtp: support for authentication method GSSAPI is not compiled in / gssapi support for msmtp



<ilangovan.muthiah@...140...> writes:

> Hi Simon,
>         I installed the heimdal package and then tried to include
> kerberos-v5 support in the SASL but kerberos_v5 support is not inclueded
> in the SASL build .below is the output of  # ./configure
> --enable-kerberos_v5  

Hi.  No, you don't want to use --enable-kerberos_v5, that's not the
GSSAPI mechanism.  The configure output looks fine:

> checking if GSSAPI should be used... yes

Ignore the other warnings.

> I also tried with MIT kerberos package 1.6.1
> It always look for libshishi support.then I installed the  shishi-0.0.35
> version and tried but I got some compilation error when the
> --enable-kerberos_v5 flag is on .
> without shishi kerberos_v5 support is possible in SASL?

No, KERBEROS_V5 is Shishi-specific, but I don't recommend to use it.  It
is not standardized, and was part of an experiment.

> Localhost:~/SMTP__AUTH# msmtp --version
> msmtp version 1.4.14
> TLS/SSL library: none
> Authentication library: GNU SASL
> Supported authentication methods:
> plain cram-md5 digest-md5 gssapi external login ntlm

So you have GSSAPI support, so all should be fine.

> But the gssappi authentication is failing.Follwing is the output of
> gsasl --smtp command and msmtp --auth command
>
>
> localhost:~# gsasl --smtp labmail.com
> Trying `labmail.com'...
> 220 tmail.labmail.com Microsoft ESMTP MAIL Service, Version:
> 5.0.2195.6713 ready at  Fri, 25 Apr 2008 15:10:12 -1000
> EHLO [127.0.0.1]
> 250-tmail.labmail.com Hello [172.168.8.92]
> 250-TURN
> 250-ATRN
> 250-SIZE
> 250-ETRN
> 250-PIPELINING
> 250-DSN
> 250-ENHANCEDSTATUSCODES
> 250-8bitmime
> 250-BINARYMIME
> 250-CHUNKING
> 250-VRFY
> 250-X-EXPS GSSAPI NTLM LOGIN
> 250-X-EXPS=LOGIN
> 250-AUTH GSSAPI NTLM LOGIN
> 250-AUTH=LOGIN
> 250-X-LINK2STATE
> 250-XEXCH50
> 250 OK
> AUTH GSSAPI
> 334 GSSAPI supported
> gsasl: mechanism error: Base 64 coding error in SASL library 

That error is more interesting!  Do you have a Kerberos ticket?  Try
running 'klist'.  It should print your ticket.  If you don't have a
kerberos ticket, authentication won't work.

> msmtp: GNU SASL: GSSAPI error in client while negotiating security
> context in gss_init_sec_context() in SASL library.  This is most likely
> due insufficient credentials or malicious interactions.
> msmtp: could not send mail (account default from /root/.msmtprc)

This error looks consistent you didn't have a Kerberos ticket.  I don't
understand why you get different errors with -d and without though?  Is
that consistent?

/Simon