Bug 437387
Summary: | authuser from app_voicemail_imap is broken without Kerberos authentication | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Robert Scheck <redhat-bugzilla> |
Component: | asterisk | Assignee: | Jeffrey C. Ollie <jeff> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | CC: | jorton, rdieter, robert.scheck |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-04-04 10:12:42 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Robert Scheck
2008-03-13 19:57:27 UTC
Cc'ing fellow uw-imap maintainer jorton, in case he has any insights here. Dug up an old post on similar topic (php-imap): http://mailman1.u.washington.edu/pipermail/imap-uw/2005-June/000092.html Where Mark Crispin suggests that if an imap client can't or doesn't know how to acquire credentials, it should disable GSSAPI via: mail_parameters (NIL,DISABLE_AUTHENTICATOR,"GSSAPI"); Perhaps this should be inserted into app_voicemail.c somewhere. Yeah, looks like a similar problem to that with php-imap. Looking through the code again, it does occur to me that the IMAP client will only attempt GSSAPI auth if the server *advertises* GSSAPI authentication support, in the CAPABILITY response. Is the server deliberately configured to support GSSAPI? Not that I can see (CAPABILITY doesn't tell me so) Could you capture a network trace to the IMAP server so we can see exactly what is happening, and attach it here? (tcpdump -i ethX -o foo.cap 'port imap') Oh, and pass -s0 to tcpdump too! You know, what you're expecting from me is illegal in Germany since last summer and can cause imprisonment? I will try to look in, but don't expect a capture by me, sorry. Okay, not a bug. There was a DNS round robin which pointed nearly ever to an IMAP server where GSSAPI was announced as login method. The server where I was testing this, didn't behave exactly same :-( And sorry for wasting your time. Ah, good to hear this was tracked down, thanks for the update. |