On 02/06/11 18:43 +0000, brian m. carlson wrote:
On Tue, May 31, 2011 at 09:13:26AM -0500, Dan White wrote:
Do you also receive an error without starttls? I just installed
2.1.24~rc1.dfsg1+cvs2011-05-23-2 and was able to reproduce this error,
but only while doing '-t ""', or '-s' (against cyrus imap). I was able
to successfully authenticate with:
$ imtest -m gssapi imap.example.org
Yes, that does seem to work correctly. For me, however, a non-TLS
configuration is a non-starter, and anyway, SASL should not act
differently over an encrypted connection versus a non-encrypted one.
I'm starting to suspect this is a client side problem (with imtest). With
the patch below, this command works:
cyradm --auth gssapi --tlskey "" imap.example.org
but this command still produces the error you're seeing:
imtest -m gssapi -t "" imap.example.org
I wonder if this might have something to do with changes due to the recent
starttls vulnerability. I'll take a closer look.
I get a segfault with mutt (with or without -s or -t), so this may
actually be two different problems. For both problems, I get the same
result regardless of whether I have libsasl2-modules-gssapi-heimdal or
libsasl2-modules-gssapi-mit installed.
The segfaulting problem is fixed for me after applying the patch tied to
this bug report:
http://bugzilla.cyrusimap.org/bugzilla3/show_bug.cgi?id=3445
--
Dan White
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
