-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Albrecht:
On 04/25/2017 01:43:04 PM Tue, Albrecht Dreß wrote:
Hi all, a while ago a user requested GSSAPI (Kerberos v5 single sign-on, RFC 4752) authentication for SMTP. The attached patch implements it for both SMTP and POP3 in addition to IMAP, i.e. with this patch, Balsa now offers SSO for /all/ server connections. Basically, I added a few helper functions to libnetclient, which are used in the specific authentication methods. As the GSSAPI tokens can be /very/ long, the maximum line length for SMTP needs to be enhanced. This also revealed a bug in the net-client.c function net_client_vwrite_line() which used a too short fixed-length buffer (replaced by a GString). As single sign-on requires only the user name, but not a password, I had to extend the auth signal handler with an indication whether the password is needed or not. Unfortunately, I can not write "simple" unit tests as my test "server" (INetSim) does not support GSSAPI. For testing, I installed a Debian VM with Samba4 (which is so nice to configure Kerberos appropriately for me, which otherwise is a real PITA!) plus postfix and dovecot exclusively supporting GSSAPI authentication. Afaict, this implementation works just fine there. However, some more testing with "real world" setups would be highly appreciated. As always, any comment will be welcome!
Many thanks for the patch! It builds and runs for me, but I have no way of testing GSSAPI authentication, so I've pushed it to master to allow wider testing. Peter -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlj/9T4ACgkQH1/UtbkqdPVPjwCfcS6Qlq0TucA1G8eqVkSkS/31 WTkAoIiyHtsSwrCtDPp3uYddcAPJwqLO =rh0w -----END PGP SIGNATURE----- _______________________________________________ balsa-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/balsa-list
