Hello,

I'm trying to get Dovecot to use GSSAPI for authentication. I have an IPA server on CentOS 7 with a bunch of my servers attached to the IPA domain, including the server running Dovecot.

I've followed official documentation from Red Hat and read numerous wiki articles on how to configure Dovecot to get it to use GSSAPI correctly. I don't think I've done anything incorrectly, but it refuses to work. This is the error I'm seeing:

mailman02 dovecot: imap-login: Disconnected (tried to use unsupported auth mechanism): user=<>, method=PLAIN, rip=1.1.1.1, lip=2.2.2.2, TLS, session=<QhWSqxofyAAKyAkM>

I don't understand why no username is being passed. My mail client is Evolution 3.10.4.

FYI, Dovecot does work fine using a user/password file. I'm just trying to switch it over to GSSAPI so that I can manage passwords from one system.

Any help would be appreciated.

Regards,

Ranbir

--
Kanwar R.S. Sandhu

On Sun, 2015-09-06 at 17:41 -0400, Kanwar Ranbir Sandhu wrote:
> I've followed official documentation from Red Hat and read numerous wiki
> articles on how to configure Dovecot to get it to use GSSAPI correctly.
> I don't think I've done anything incorrectly, but it refuses to work.
> This is the error I'm seeing:
>
> mailman02 dovecot: imap-login: Disconnected (tried to use unsupported
> auth mechanism): user=<>, method=PLAIN, rip=1.1.1.1, lip=2.2.2.2, TLS,
> session=<QhWSqxofyAAKyAkM>
>
> I don't understand why no username is being passed. My mail client is
> Evolution 3.10.4.

Anyone? I could really use some help with troubleshooting my setup.

Kerberos + Dovecot apparently works really well, but not for me...yet. :(

Ranbir

--
Kanwar R.S. Sandhu

Kanwar Ranbir Sandhu wrote on 2015-09-07 16:47:
> Kerberos + Dovecot apparently works really well, but not for
> me...yet. :(

You chose to use a precompiled problem from Red Hat, no?

If you used FreeBSD or Gentoo there would only be a learning curve left.

Back to your problem: are you sure the maintainer at Red Hat enabled Kerberos auth login?

If you need more help, ask the maintainer for the RPM package, or if you are still convinced it's a bug in Dovecot, show dovecot -n. I have lost track of whether you already have, but let's take it from there.

Hi Ranbir

I've worked with freeIPA a little, but without your doveconf or some other context information, it is difficult to identify the issue.

Regards,

Manuel Delgado
-----------------------------------------------------------
Usuario Linux #520940 <http://counter.li.org/>
Mag. Computación e Informática
Universidad de Costa Rica
Centro de Informática

On Mon, Sep 7, 2015 at 8:47 AM, Kanwar Ranbir Sandhu <m3freak at thesandhufamily.ca> wrote:
> On Sun, 2015-09-06 at 17:41 -0400, Kanwar Ranbir Sandhu wrote:
> > I've followed official documentation from Red Hat and read numerous wiki
> > articles on how to configure Dovecot to get it to use GSSAPI correctly.
> > I don't think I've done anything incorrectly, but it refuses to work.
> > This is the error I'm seeing:
> >
> > mailman02 dovecot: imap-login: Disconnected (tried to use unsupported
> > auth mechanism): user=<>, method=PLAIN, rip=1.1.1.1, lip=2.2.2.2, TLS,
> > session=<QhWSqxofyAAKyAkM>
> >
> > I don't understand why no username is being passed. My mail client is
> > Evolution 3.10.4.
>
> Anyone? I could really use some help with trouble shooting my setup.
>
> Kerberos + Dovecot apparently works really well, but not for
> me...yet. :(
>
> Ranbir
>
> --
> Kanwar R.S. Sandhu

> On 07 Sep 2015, at 00:41, Kanwar Ranbir Sandhu <m3freak at thesandhufamily.ca> wrote:
>
> Hello,
>
> I'm trying to get Dovecot to use GSSAPI for authentication. I have an IPA server on CentOS 7 with a bunch of my servers attached to the IPA domain, including the server running Dovecot.
>
> I've followed official documentation from Red Hat and read numerous wiki articles on how to configure Dovecot to get it to use GSSAPI correctly. I don't think I've done anything incorrectly, but it refuses to work. This is the error I'm seeing:
>
> mailman02 dovecot: imap-login: Disconnected (tried to use unsupported auth mechanism): user=<>, method=PLAIN, rip=1.1.1.1, lip=2.2.2.2, TLS, session=<QhWSqxofyAAKyAkM>

It says "tried to use unsupported auth mechanism". In your later mail you say that telnet shows AUTH=GSSAPI in capabilities. So that would mean that the client isn't using AUTHENTICATE GSSAPI but something else.

Set auth_debug=yes and/or see what the client actually does by enabling pre-login rawlog: http://wiki2.dovecot.org/Debugging/Rawlog

On Mon, 2015-09-07 at 20:37 +0300, Timo Sirainen wrote:
> It says "tried to use unsupported auth mechanism". In your later mail
> you say that telnet shows AUTH=GSSAPI in capabilities. So that would
> mean that the client isn't using AUTHENTICATE GSSAPI but something
> else.

I'd been considering that perhaps my version of Evolution was too old, so I upgraded from Fedora 20 to Fedora 22: still doesn't work. :/

> Set auth_debug=yes and/or see what the client actually does by
> enabling pre-login rawlog: http://wiki2.dovecot.org/Debugging/Rawlog

Alright, I enabled it. I have some logs, but I'm not clear on what I should and shouldn't include here. Can I just copy and paste both in and out logs verbatim without inadvertently giving up my passwords or something??

Regards,

Ranbir

--
Kanwar R.S. Sandhu
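
Added example (not part of any message in this thread, and not Dovecot code): the client-to-server half of an IMAP session can carry the password in a LOGIN command or in the base64 response to AUTHENTICATE PLAIN, which is an encoding and not encryption. The filter below strips those values before a rawlog is shared and lists the mechanisms the client attempted, which is what the rawlog advice above is meant to reveal. The optional timestamp prefix and the sample session are assumptions constructed for illustration.

```python
import base64
import re

# Assumed layout of a client-side (.in) rawlog line: an optional
# "seconds.microseconds " prefix, then the IMAP line as the client sent it.
_TS = re.compile(r'^((?:\d+\.\d+ )?)(.*)$')
_CMD = re.compile(r'^(\S+) (LOGIN|AUTHENTICATE)\b ?(.*)$', re.I)

def redact_client_log(lines):
    """Return (safe_lines, mechanisms) for the client-to-server half of a session."""
    safe, mechs = [], []
    sasl = literal = False  # inside an AUTHENTICATE exchange / a LOGIN literal
    for raw in lines:
        ts, body = _TS.match(raw.rstrip('\r\n')).groups()
        cmd = _CMD.match(body)
        if literal:
            # User name or password sent as an IMAP literal: hide the whole line.
            literal = body.endswith('}')
            safe.append(ts + '<redacted-literal>')
        elif cmd and cmd.group(2).upper() == 'LOGIN':
            mechs.append('LOGIN')
            sasl, literal = False, body.endswith('}')
            safe.append(f'{ts}{cmd.group(1)} LOGIN <redacted-user> <redacted-password>')
        elif cmd:
            args = cmd.group(3).split()
            mech = args[0].upper() if args else '?'
            mechs.append(mech)
            sasl = True
            ir = ' <redacted-initial-response>' if len(args) > 1 else ''
            safe.append(f'{ts}{cmd.group(1)} AUTHENTICATE {mech}{ir}')
        elif sasl and ' ' not in body:
            # Bare continuation line: PLAIN credentials or a GSSAPI token.
            safe.append(ts + '<redacted-sasl-response>')
        else:
            sasl = False  # a normal tagged command ends the exchange
            safe.append(ts + body)
    return safe, mechs

# Constructed sample session (not taken from the thread).
SAMPLE_IN = [
    '1441647420.100000 a001 CAPABILITY',
    '1441647420.200000 a002 AUTHENTICATE PLAIN',
    '1441647420.300000 ' + base64.b64encode(b'\0exampleuser\0not-a-real-pass').decode(),
    '1441647421.000000 a003 LOGOUT',
]

if __name__ == '__main__':
    safe, mechs = redact_client_log(SAMPLE_IN)
    print('mechanisms attempted:', mechs, *safe, sep='\n')
```

The filter only covers authentication commands; addresses, mailbox names and message content elsewhere in a rawlog still need a manual read before posting.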