Hi!
I searched the web and past months of this mailing list archives
but didn't find a solution to my problem.
I have fetchmail-5.9.4, WU's imap 2000c and kerberos5-1.2.2 from MIT
installed. IMAP was compiled with EXTRAAUTHENTICATORS=gss, and fetchmail
with --with-kerberos5=/usr/lib/krb5 --with-gssapi (my krb5 libs are
in /usr/lib/krb5).
I can get gssapi to work with imap succesfully, but not with POP3.
I have created the host/hostname, imap/hostname and pop/hostname principals
and their respective keytabs.
First the success message (I already ran kinit, and no ~/.fetchmailrc exists):
$ fetchmail -N some.domain --auth gssapi -p imap
1 message (1 seen) for andreas at some.domain.
skipping message andreas(_at_)some(_dot_)domain:1 (2037955 octets) not flushed
The same command-line with -p pop3 instead of -p imap gives and authorization
error.
Sniffing it I see that fetchmail is providing my name as a password. Odd.
Now with -auth kerberos_v5:
$ fetchmail -N some.domain --auth kerberos_v5 -p pop3
fetchmail: krb5_sendauth: Bad response (during sendauth exchange)
fetchmail: client/server synchronization error while fetching from some.domain
fetchmail: Query status=7 (ERROR)
Sniffing again (tethereal), I see this:
0.032303 some.domain -> some.domain POP Response: +OK POP3 some.domain
v2000.70cl server ready
0.032347 some.domain -> some.domain TCP 3689 > pop-3 [ACK] Seq=3264395680
Ack=3267775576 Win=31013 Len=0
0.055118 some.domain -> some.domain POP Request: \000\000\000\023
0.055156 some.domain -> some.domain TCP pop-3 > 3689 [ACK] Seq=3267775576
Ack=3264395684 Win=31068 Len=0
0.056221 some.domain -> some.domain POP Request: KRB5_SENDAUTH_V1.0\000
0.058836 some.domain -> some.domain POP Request:
\000\000\000\tKPOPV1.0\000QUIT
0.058866 some.domain -> some.domain TCP pop-3 > 3689 [ACK] Seq=3267775576
Ack=3264395723 Win=31029 Len=0
0.058951 some.domain -> some.domain POP Response: -ERR Command line too long
"Command line too long"?! Greping the source of ipop3d, I see that this error
is triggered
if no \012 is found in the input.
Does anybody have a clue? Where in my setup is the problem, the imap/pop
server, kerberos setup
or client setup?
Thanks for any hints.