fetchmail-friends
[Top] [All Lists]

[fetchmail]gssapi + imap works, doesn't with pop3

2001-10-31 12:49:54
Hi!
I searched the web and past months of this mailing list archives
but didn't find a solution to my problem.

I have fetchmail-5.9.4, WU's imap 2000c and kerberos5-1.2.2 from MIT
installed. IMAP was compiled with EXTRAAUTHENTICATORS=gss, and fetchmail
with --with-kerberos5=/usr/lib/krb5 --with-gssapi (my krb5 libs are
in /usr/lib/krb5).

I can get gssapi to work with imap succesfully, but not with POP3.
I have created the host/hostname, imap/hostname and pop/hostname principals
and their respective keytabs.

First the success message (I already ran kinit, and no ~/.fetchmailrc exists):

$ fetchmail -N some.domain --auth gssapi -p imap
1 message (1 seen) for andreas at some.domain.
skipping message andreas(_at_)some(_dot_)domain:1 (2037955 octets) not flushed

The same command-line with -p pop3 instead of -p imap gives and authorization 
error.
Sniffing it I see that fetchmail is providing my name as a password. Odd.

Now with -auth kerberos_v5:
$ fetchmail -N some.domain --auth kerberos_v5 -p pop3
fetchmail: krb5_sendauth: Bad response (during sendauth exchange)
fetchmail: client/server synchronization error while fetching from some.domain
fetchmail: Query status=7 (ERROR)

Sniffing again (tethereal), I see this:
  0.032303 some.domain -> some.domain POP Response: +OK POP3 some.domain 
v2000.70cl server ready
  0.032347 some.domain -> some.domain TCP 3689 > pop-3 [ACK] Seq=3264395680 
Ack=3267775576 Win=31013 Len=0
  0.055118 some.domain -> some.domain POP Request: \000\000\000\023
  0.055156 some.domain -> some.domain TCP pop-3 > 3689 [ACK] Seq=3267775576 
Ack=3264395684 Win=31068 Len=0
  0.056221 some.domain -> some.domain POP Request: KRB5_SENDAUTH_V1.0\000
  0.058836 some.domain -> some.domain POP Request: 
\000\000\000\tKPOPV1.0\000QUIT
  0.058866 some.domain -> some.domain TCP pop-3 > 3689 [ACK] Seq=3267775576 
Ack=3264395723 Win=31029 Len=0
  0.058951 some.domain -> some.domain POP Response: -ERR Command line too long

"Command line too long"?! Greping the source of ipop3d, I see that this error 
is triggered
if no \012 is found in the input.

Does anybody have a clue? Where in my setup is the problem, the imap/pop 
server, kerberos setup
or client setup?

Thanks for any hints.



<Prev in Thread] Current Thread [Next in Thread>