Bug 719953

Summary: imtest with TLS falsely reports GSSAPI not available (fix available upstream)
Product: [Fedora] Fedora Reporter: Derek Atkins <warlord>
Component: cyrus-imapdAssignee: Michal Hlavinka <mhlavink>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 15CC: mhlavink, vanmeeuwen+fedora
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: cyrus-imapd-2.4.10-1.fc15 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-08-17 01:01:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Derek Atkins 2011-07-08 14:00:19 UTC 
Description of problem:

I use GSSAPI to authenticate to and retrieve my email.  Since upgrading my client from Fedora12 to Fedora15 I have been unable to retrieve my email.  Looking at it I see that imtest reports incorrectly:

/usr/bin/imtest -s -a warlord -m gssapi -u warlord mail2.ihtfp.org
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=LOGIN AUTH=GSSAPI SASL-IR] mail2.ihtfp.org Cyrus IMAP v2.3.16-Fedora-RPM-2.3.16-8.fc14 server ready
[Server did not advertise AUTH=GSSAPI]
Authentication failed. generic failure
Security strength factor: 256
^CC: Q01 LOGOUT

Note that "AUTH=GSSAPI" is most certainly in the list!  If I connect without SSL then imtest works correctly:

/usr/bin/imtest -a warlord -m gssapi -u warlord mail2.ihtfp.org
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED AUTH=GSSAPI SASL-IR COMPRESS=DEFLATE] mail2.ihtfp.org Cyrus IMAP v2.3.16-Fedora-RPM-2.3.16-8.fc14 server ready
^C

There appears to be a known bug upstream, which has a fix: http://bugzilla.cyrusimap.org/bugzilla3/show_bug.cgi?id=3444

Version-Release number of selected component (if applicable):

cyrus-imapd-utils-2.4.8-2.fc15.i686


How reproducible:  100%

Steps to Reproduce:
1. See above.
2.
3.
  
Actual results:
See above

Expected results:
imtest shouldn't ignore authentication mechanisms.

Additional info:

Debian Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624831
Upstream Bug: http://bugzilla.cyrusimap.org/bugzilla3/show_bug.cgi?id=3444
Upstream Bugfix: http://git.cyrusimap.org/cyrus-imapd/commit/?id=6be0fcb9f463091bec1abd86e3ba1cc9317ed028
Comment 1 Derek Atkins 2011-07-08 17:04:28 UTC 
FYI, I decided to try out the version in RAWHIDE and it does work fine:

yum --enablerepo=rawhide update cyrus-imapd-utils
...

[warlord@dogbert ~]$ rpm -q cyrus-imapd-utils
cyrus-imapd-utils-2.4.10-1.fc16.i686
[warlord@dogbert ~]$ /usr/bin/imtest -s -m gssapi -u warlord mail2.ihtfp.org    verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=LOGIN AUTH=GSSAPI SASL-IR] mail2.ihtfp.org Cyrus IMAP v2.3.16-Fedora-RPM-2.3.16-8.fc14 server ready
^C

Any chance we could get cyrus-imapd-utils-2.4.10-1.fc16 backported to F15?
Comment 2 Michal Hlavinka 2011-07-11 09:47:55 UTC 
> There appears to be a known bug upstream, which has a fix:
> http://bugzilla.cyrusimap.org/bugzilla3/show_bug.cgi?id=3444

AFAIK this bug was fixed April 2011 so it is in 2.4.8 already

Anyway, 2.4.10 is in F15:updates-testing now, it was submitted as update since 2011-07-08 morning :)
Comment 3 Fedora Update System 2011-07-11 09:48:32 UTC 
cyrus-imapd-2.4.10-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/cyrus-imapd-2.4.10-1.fc15
Comment 4 Fedora Update System 2011-08-17 01:01:25 UTC 
cyrus-imapd-2.4.10-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.