Ronald Wahl <Ronald(_dot_)Wahl(_at_)informatik(_dot_)tu-chemnitz(_dot_)de>:
On 05 Feb 2002 00:43:39 +0100, Ronald Wahl wrote:
On 21 Nov 2001 18:28:55 +0100, Ronald Wahl wrote:
Hi,
It seems that Kerberos4 authentication is broken in fetchmail >= 5.9.1.
In fetchmail-5.9.0 it works (at least with the patch found in
http://lists.ccil.org/pipermail/fetchmail-friends/2001-September/001087.html).
With 5.9.5 I get:
fetchmail: IMAP> A0001 CAPABILITY
fetchmail: IMAP< * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE
UIDPLUS ID NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=PLAIN
AUTH=KERBEROS_V4 X-NETSCAPE
fetchmail: IMAP< A0001 OK Completed
fetchmail: IMAP> A0002 AUTHENTICATE KERBEROS_V4
fetchmail: IMAP< + kLsiKg==
fetchmail: could not decode initial BASE64 challenge
fetchmail: IMAP> A0003 *
Would be nice if one could fix this. The krb4 implementation used on
client side: ftp://ftp.pdc.kth.se/pub/krb/src/krb4-1.0.9.tar.gz
Its still there in 5.9.7. Is there any way to fix this?
... and in 5.9.8 too. Am I the only one who has this problem or why does
nobody fix it or at least answer to my bug report? I thought one of the
arguments for opensource software is the short time until bugfixes are
available. But I did not even got any response to my last 2 mails
regarding to this problem. Nice politic - reminds me of a company with
the M. :-/
I don't have any way to test Kerberos IV, so I rely on patches from
fetchmail-friends list members who do. It would help if you could
send me a minimum diff between a version of fetchmail that works and
one that doesn't. So:
1. Make a source tree with 5.9.0 plus the fixpatch you mention. Verify
that it works.
2. Make a 5.9.1 source tree. Verify that it doesn't.
3. Diff the two.
4. Throw out everything in the diff that looks irrelevant. Use the
remainder to patch 5.9.1 into a 5.9.1-bis. Test it.
5. If 5.9.1-bis works, try cutting the diff further. If it doesn't, back
up a step and try removing something else.
6. Repeat until we find the patch band that broke Kerberos IV.
This is what I would do if I could.
--
<a href="http://www.tuxedo.org/~esr/">Eric S. Raymond</a>