ID: 33500
User updated by: ed2019 at columbia dot edu
Reported By: ed2019 at columbia dot edu
Status: Bogus
-Bug Type: Feature/Change Request
+Bug Type: IMAP related
-Operating System: RHEL4
+Operating System: ALL
-PHP Version: 4.3.10
+PHP Version: 5.2.0
Assigned To: pajoye
New Comment:
Hi-
I was the original submitter of this bug four years ago, but I
felt I should write to clear up a little confusion which has popped up
from pajoye at php.net .
Mark Crispin's c-client (which is the library underlying PHP's
IMAP stuff) can authenticate to IMAP servers using various methods,
including but not limited to PLAIN and GSSAPI. You can specify when
calling the c-client library which authentication method to use. When
you're going to authenticate with kerberos/GSSAPI, you would provide a
certain set of client credentials. When you want to authenticate with
PLAIN, you provide a different set of credentials (namely, username and
password).
The problem with PHP's imap_open() is that it does not allow you
to specify which of these authentication methods to use, nor does it
guess correctly from the credentials you provide it. The setup, as I
encountered it, is/was:
1) Your code wants to authenticate to an IMAP server with a username &
password. These credentials are appropriate for PLAIN authentication.
2) You call imap_open() and pass it the username & password.
3) imap_open() (through c-client) contacts the server attempts to
authenticate via GSSAPI, which fails. imap_open() then gives up.
So, the bug in this case is that imap_open needs an argument of
some sort which tells it NOT to try using GSSAPI, and instead to try
using PLAIN authentication. Perhaps something like [authmethod ={PLAIN
|| GSSAPI || ...}] , which would then be passed through to the c-client
implementation.
Make no mistake about it, there is no way around this bug with
PHP's broken imap_open(). If you have an imap server which advertises
both authentication methods, there is no way to authenticate to that
server with the PLAIN method - even though the server is configured
correctly, and the underlying c-client IMAP library supports it.
imap_open() is not tickling the c-client library correctly to get the
proper result.
Previous Comments:
------------------------------------------------------------------------
[2009-04-27 15:17:18] paj...@php.net
Bug or feature in c-client. As Joe already explained in the RH bug
report, the first thing auth_gssapi_client does is to disable any
retry:
auth_gss.c:98 (2007e)
*trial = 65535; /* never retry */
Please get an explanation in the UW mailing list but there is nothing
PHP can do about that.
------------------------------------------------------------------------
[2009-04-27 15:03:49] paj...@php.net
The authentication method is compiled in cclient. Are you sure your
cclient package supports kerberos or GSS?
For windows, I'm verifying that it works with 5.3.0 (we use the latest
c-client for 5.3+).
------------------------------------------------------------------------
[2009-04-27 14:37:16] mathieu at koumbit dot org
Same bug, on version 5.2.0 (Debian/stable), when trying to connect to
Exchange.
------------------------------------------------------------------------
[2009-03-04 07:30:53] sami dot sipponen at storaenso dot com
Please PHP developers, fix this bug since there are no other elegant
methods to connect Exchange 2007 than imap_open. Implement
authentication method attribute to IMAP_OPEN or make it automatically
use multiple methods.
------------------------------------------------------------------------
[2009-02-06 01:49:31] steve dot englart at gmail dot com
I can't connect to Exchange 2007 sp1
PHP running on Windows 2000
C:\php>php -v
PHP 5.2.8 (cli) (built: Dec 8 2008 19:31:23)
with Pear Net_POP3 1.3.6 stable
example from getMessage() after logon...
Error in authentication: USER NOT supported authentication
method!. This server supports these methods: GSSAPI, but I support APO
P,PLAIN,LOGIN,USER
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/33500
--
Edit this bug report at http://bugs.php.net/?id=33500&edit=1
