Red Hat Bugzilla – Bug 437387
authuser from app_voicemail_imap is broken without Kerberos authentication
Last modified: 2008-04-04 06:39:39 EDT
Description of problem:
The following problem affects the asterisk-voicemail-imap subpackage. Try to
configure authuser and authpassword directive for master access to the IMAP
server/storage in /etc/asterisk/voicemail.conf by setting the following:
You now will always get then the following in the asterisk console and in the
[Mar 13 09:38:20] ERROR app_voicemail.c: Can't connect to imap server
[Mar 13 09:38:20] WARNING app_voicemail.c: IMAP Warning: Can't use
Kerberos: invalid /authuser
This ONLY will work, if uw-imap-devel is built without Kerberos support (thus
without openssl support) and if asterisk is built without Kerberos support (so
this without openssl support) as well. So something is really buggy and broken.
Version-Release number of selected component (if applicable):
asterisk-1.4.18-3.fc8, -1.4.18-2.fc8, -1.4.18-1.fc8, -1.4.17-1.fc8
Everytime, see above.
The authuser configuration directive from app_voicemail_imap.so is absolutely
unusable/broken without Kerberos authentication for this.
Working authuser configuration directive in app_voicemail_imap.so without having
the need to use Kerberos for authentication as documented everywhere.
Cc'ing fellow uw-imap maintainer jorton, in case he has any insights here.
Dug up an old post on similar topic (php-imap):
Where Mark Crispin suggests that if an imap client can't or doesn't know how to
acquire credentials, it should disable GSSAPI via:
Perhaps this should be inserted into app_voicemail.c somewhere.
Yeah, looks like a similar problem to that with php-imap.
Looking through the code again, it does occur to me that the IMAP client will
only attempt GSSAPI auth if the server *advertises* GSSAPI authentication
support, in the CAPABILITY response. Is the server deliberately configured to
Not that I can see (CAPABILITY doesn't tell me so)
Could you capture a network trace to the IMAP server so we can see exactly what
is happening, and attach it here?
(tcpdump -i ethX -o foo.cap 'port imap')
Oh, and pass -s0 to tcpdump too!
You know, what you're expecting from me is illegal in Germany since last summer
and can cause imprisonment? I will try to look in, but don't expect a capture by
Okay, not a bug. There was a DNS round robin which pointed nearly ever to an IMAP
server where GSSAPI was announced as login method. The server where I was testing
this, didn't behave exactly same :-(
And sorry for wasting your time.
Ah, good to hear this was tracked down, thanks for the update.