Displaying 6 results from an estimated 6 matches for "authz_nam".
Did you mean:
authz_name
2009 Jul 29
1
authn_name and authz_name differ: not supported
Hello,
I'm trying to authenticate using GSSAPI, but getting this in dovecot.log
"authn_name and authz_name differ: not supported". What is actually
trying to say me? I've remeber once encounter this problem but it get
away silently.
I'm using Mozilla Thunderbird 3 beta 3 and Dovecot 1.0.15
2009 Mar 03
2
GSSAPI cross-realm fixed
Attached is a patch which in my environment (Linux/Heimdal 1.2.1) fixes
cross-realm GSSAPI authentication.
Changes it makes:
1. When using krb5_kuserok, do not call gss_compare_name to check that
authn_name and authz_name are the same. Instead, make TWO calls to
krb5_kuserok, one for each ID. If both IDs are acceptable, allow the
login.
2. Disable checking that the name is a GSS_KRB5_PRINCIPAL_NAME, as
this doesn't appear to be always the case for the authz_name.
If I create a .k5login listing both username...
2009 Mar 03
0
GSSAPI cross-realm still broken
I've been trying to track down some problems with Dovecot in a Kerberos
5 cross-realm environment, and there seem to be a few issues.
LOGIN/PLAIN work fine using pam_krb5, but GSSAPI is a bit harder to
handle.
On line 436 of src/auth/mech-gssapi.c, the authn_name and the
authz_name are compared using gss_compare_name. This dates back to the
message at:
http://dovecot.org/pipermail/dovecot/2005-October/009615.html
While everything within that message is true, as things stand, Dovecot
is unusable in a cross-realm environment. When cross-realm tickets are
used, the authn_nam...
2009 Aug 28
1
GSSAPI Authentication Broke with Dovecot 1.1.16 -> 1.2.4 Upgrade
...hn at EXAMPLE.COM,192.0.2.168): Negotiated security layer
auth(default): client out: CONT 1 YD8GCSqGSIb3EgECAgIBBAD/////MINNkeu5LVS8fiZNSnb8j8iKBuHArr/sHec++VYV+9SSc+RkAf///wQEBAQ=
auth(default): client in: CONT<hidden>
auth(default): gssapi(john at EXAMPLE.COM,192.0.2.168): authz_name has NULs
auth(default): client out: FAIL 1 user=john at EXAMPLE.COM imap-login: Disconnected (auth failed, 1 attempts): user=<john at EXAMPLE.COM>, method=GSSAPI, rip=192.0.2.168, lip=192.0.2.36, TLS: Disconnected
------------------------
I commented out the 'return -1;...
2005 Oct 19
2
[PATCH] Support for GSSAPI SASL Mechanism
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
Attached is a patch against current CVS that adds support for the
GSSAPI SASL mechanism. It was written from scratch, after reading the
patch from Colin Walters against a much older version of dovecot.
Other then support for the 'GSSAPI' mechanism, it contains the
following changes:
- - Added 'auth_krb5_keytab' option for
2005 Dec 30
1
Compile problem on FreeBSD 6.0-STABLE
...No such file or directory
mech-gssapi.c:42: error: syntax error before "gss_ctx_id_t"
mech-gssapi.c:51: error: syntax error before "gss_name_t"
mech-gssapi.c:58: error: syntax error before "OM_uint32"
[snipped]
mech-gssapi.c:387: error: structure has no member named `authz_name'
*** Error code 1
Stop in /usr/local/src/dovecot/dovecot-1.0.alpha5/src/auth.
*** Error code 1
Stop in /usr/local/src/dovecot/dovecot-1.0.alpha5/src.
*** Error code 1
Any help is greatly appreciated
-kim
--
w8hdkim@gmail.com