Bug#810741: gsasl: produces unhelpful error message on Kerberos failure

Mon, 11 Jan 2016 12:12:46 -0800 

Package: gsasl
Version: 1.8.0-8

As I noted in Debian bug #810727, I need to use the proper hostname to
connect to my SMTP server; otherwise Kerberos authentication will fail.
But this wasn't easy to figure out, as the message returned by msmtp is
kind of useless (it seems to just print whatever text is returned by GNU
SASL):
        msmtp: GNU SASL: GSSAPI error in client while negotiating security
        context in gss_init_sec_context() in SASL library.  This is most
        likely due insufficient credentials or malicious interactions.

This makes it seem like I used a bad password or the SMTP server didn't
like the ticket.  In fact, the Kerberos server didn't recognise the
hostname, and according to a Wireshark dump returned a perfectly clear
error message:
        krb-error
                pvno: 5
                msg-type: krb-error (30)
                stime: 2016-01-11 16:08:01 (UTC)
                susec: 299239
                error-code: eRR-S-PRINCIPAL-UNKNOWN (7)
                realm: EXAMPLE.COM
                sname
                        name-type: kRB5-NT-SRV-HST (3)
                        name-string: 2 items
                                KerberosString: smtp
                                KerberosString: smtp-server.EXAMPLE.COM

I suggest a message like the following, based on the libkrb5 text:
        "Server not found in Kerberos database:
         smtp/smtp-server.example....@example.com"

- Michael


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gsasl depends on:
ii  dpkg               1.18.4
ii  install-info       6.0.0.dfsg.1-4
ii  libc6              2.21-6
ii  libgnutls-deb0-28  3.3.19-1
ii  libgsasl7          1.8.0-8

gsasl recommends no packages.

gsasl suggests no packages.

-- no debconf information

Attachment: signature.asc
Description: PGP signature

---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential 
information, privileged material (including material protected by the 
solicitor-client or other applicable privileges), or constitute non-public 
information. Any use of this information by anyone other than the intended 
recipient is prohibited. If you have received this transmission in error, 
please immediately reply to the sender and delete this information from your 
system. Use, dissemination, distribution, or reproduction of this transmission 
by unintended recipients is not authorized and may be unlawful.

Reply via email to