Bug 719953 - imtest with TLS falsely reports GSSAPI not available (fix available upstream)
Summary: imtest with TLS falsely reports GSSAPI not available (fix available upstream)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: cyrus-imapd
Version: 15
Hardware: All
OS: Linux
Priority: unspecified
Severity: urgent
Target Milestone: ---
Assignee: Michal Hlavinka
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2011-07-08 14:00 UTC by Derek Atkins
Modified: 2011-08-17 01:01 UTC (History)

Fixed In Version: cyrus-imapd-2.4.10-1.fc15
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-08-17 01:01:30 UTC
Type: ---



Description Derek Atkins 2011-07-08 14:00:19 UTC
Description of problem:

I use GSSAPI to authenticate to and retrieve my email.  Since upgrading my client from Fedora12 to Fedora15 I have been unable to retrieve my email.  Looking at it I see that imtest reports incorrectly:

/usr/bin/imtest -s -a warlord -m gssapi -u warlord mail2.ihtfp.org
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=LOGIN AUTH=GSSAPI SASL-IR] mail2.ihtfp.org Cyrus IMAP v2.3.16-Fedora-RPM-2.3.16-8.fc14 server ready
[Server did not advertise AUTH=GSSAPI]
Authentication failed. generic failure
Security strength factor: 256
^CC: Q01 LOGOUT

Note that "AUTH=GSSAPI" is most certainly in the list!  If I connect without SSL then imtest works correctly:

/usr/bin/imtest -a warlord -m gssapi -u warlord mail2.ihtfp.org
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED AUTH=GSSAPI SASL-IR COMPRESS=DEFLATE] mail2.ihtfp.org Cyrus IMAP v2.3.16-Fedora-RPM-2.3.16-8.fc14 server ready
^C

There appears to be a known bug upstream, which has a fix: http://bugzilla.cyrusimap.org/bugzilla3/show_bug.cgi?id=3444

Version-Release number of selected component (if applicable):

cyrus-imapd-utils-2.4.8-2.fc15.i686


How reproducible:  100%

Steps to Reproduce:
1. See above.
2.
3.
  
Actual results:
See above

Expected results:
imtest shouldn't ignore authentication mechanisms.

Additional info:

Debian Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624831
Upstream Bug: http://bugzilla.cyrusimap.org/bugzilla3/show_bug.cgi?id=3444
Upstream Bugfix: http://git.cyrusimap.org/cyrus-imapd/commit/?id=6be0fcb9f463091bec1abd86e3ba1cc9317ed028
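
An independent check of the two greeting lines in the report above, added here as an example (it is not part of the original report and is not imtest's code): it parses the CAPABILITY data and lists the AUTH= mechanisms, so the "[Server did not advertise AUTH=GSSAPI]" message can be compared with what the server actually sent. The function names are hypothetical; the two greetings are copied from the report.

```python
import re

# Greeting lines copied from the report above (TLS and cleartext sessions).
TLS_GREETING = ("* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=LOGIN "
                "AUTH=GSSAPI SASL-IR] mail2.ihtfp.org Cyrus IMAP "
                "v2.3.16-Fedora-RPM-2.3.16-8.fc14 server ready")
PLAIN_GREETING = ("* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS "
                  "LOGINDISABLED AUTH=GSSAPI SASL-IR COMPRESS=DEFLATE] "
                  "mail2.ihtfp.org Cyrus IMAP "
                  "v2.3.16-Fedora-RPM-2.3.16-8.fc14 server ready")

# Capabilities arrive either as a response code inside a status response
# ("* OK [CAPABILITY ...]") or as an untagged "* CAPABILITY ..." response.
_CODE = re.compile(r"\[CAPABILITY\s+([^\]]*)\]", re.IGNORECASE)
_UNTAGGED = re.compile(r"^\*\s+CAPABILITY\s+(.*)$", re.IGNORECASE)


def capabilities(line):
    """Return the capability atoms in one server line, upper-cased."""
    line = line.strip()
    if line.startswith("S: "):  # imtest prefixes server lines with "S: "
        line = line[3:]
    m = _UNTAGGED.match(line) or _CODE.search(line)
    return [atom.upper() for atom in m.group(1).split()] if m else []


def sasl_mechanisms(line):
    """Return the SASL mechanism names advertised as AUTH=<mech>."""
    return {c[5:] for c in capabilities(line)
            if c.startswith("AUTH=") and len(c) > 5}


def advertises(line, mech):
    """Case-insensitive check, since the client was run with '-m gssapi'."""
    return mech.upper() in sasl_mechanisms(line)


if __name__ == "__main__":
    for name, line in (("TLS", TLS_GREETING), ("cleartext", PLAIN_GREETING)):
        print(name, sorted(sasl_mechanisms(line)), advertises(line, "gssapi"))
```
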

Comment 1 Derek Atkins 2011-07-08 17:04:28 UTC
FYI, I decided to try out the version in RAWHIDE and it does work fine:

yum --enablerepo=rawhide update cyrus-imapd-utils
...

[warlord@dogbert ~]$ rpm -q cyrus-imapd-utils
cyrus-imapd-utils-2.4.10-1.fc16.i686
[warlord@dogbert ~]$ /usr/bin/imtest -s -m gssapi -u warlord mail2.ihtfp.org
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=LOGIN AUTH=GSSAPI SASL-IR] mail2.ihtfp.org Cyrus IMAP v2.3.16-Fedora-RPM-2.3.16-8.fc14 server ready
^C

Any chance we could get cyrus-imapd-utils-2.4.10-1.fc16 backported to F15?

Comment 2 Michal Hlavinka 2011-07-11 09:47:55 UTC
> There appears to be a known bug upstream, which has a fix:
> http://bugzilla.cyrusimap.org/bugzilla3/show_bug.cgi?id=3444

AFAIK this bug was fixed April 2011 so it is in 2.4.8 already

Anyway, 2.4.10 is in F15:updates-testing now, it was submitted as update since 2011-07-08 morning :)

Comment 3 Fedora Update System 2011-07-11 09:48:32 UTC
cyrus-imapd-2.4.10-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/cyrus-imapd-2.4.10-1.fc15

Comment 4 Fedora Update System 2011-08-17 01:01:25 UTC
cyrus-imapd-2.4.10-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

