Casey Allen Shobe
2006-Feb-23 13:14 UTC
[Dovecot] Digest-MD5 and GSSAPI not working in beta3
I have built dovecot with kerberos support, however am not able to log in using GSSAPI support in my mail client. I receive the following error: SASL(-4): no mechanism available: No worthy mechs found Additionally, Digest-MD5 does not work - I receive an authentication failed (as though I have an incorrect password) if I try to use it. I am using PostgreSQL for authentication, and returning a plaintext password with my SQL query. LOGIN, PLAIN, NTLM, and CRAM-MD5 are all working as expected. I tried making the change shown in Mark Davies' src/auth/mech-gssapi.c patch (posted to the list on 10 February), but it had no effect. Any advice welcome! Cheers, -- Casey Allen Shobe | cshobe at seattleserver.com | 206-381-2800 SeattleServer.com, Inc. | http://www.seattleserver.com
On Thu, 2006-02-23 at 13:14 +0000, Casey Allen Shobe wrote:> I have built dovecot with kerberos support, however am not able to log in > using GSSAPI support in my mail client. I receive the following error: > > SASL(-4): no mechanism available: No worthy mechs foundI don't really know about the Kerberos code in Dovecot.. Did you check if there was anything in Dovecot's logs with auth_verbose=yes?> Additionally, Digest-MD5 does not work - I receive an authentication failed > (as though I have an incorrect password) if I try to use it.This could have something to do with realms. I just tested this for a while and it looks like Cyrus SASL client wants to send a realm always, even if Dovecot doesn't advertise any realms. Are all your usernames in user at domain format? In that case you could set auth_realms to the list of domains. Or alternatively try if the attached patch helps. -------------- next part -------------- A non-text attachment was scrubbed... Name: digest-md5-realms.diff Type: text/x-patch Size: 1993 bytes Desc: not available URL: <http://dovecot.org/pipermail/dovecot/attachments/20060224/b7c80190/attachment.bin> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20060224/b7c80190/attachment-0001.bin>