ID: 33500 User updated by: ed2019 at columbia dot edu Reported By: ed2019 at columbia dot edu Status: Bogus -Bug Type: Feature/Change Request +Bug Type: IMAP related -Operating System: RHEL4 +Operating System: ALL -PHP Version: 4.3.10 +PHP Version: 5.2.0 Assigned To: pajoye New Comment:
Hi- I was the original submitter of this bug four years ago, but I felt I should write to clear up a little confusion which has popped up from pajoye at php.net . Mark Crispin's c-client (which is the library underlying PHP's IMAP stuff) can authenticate to IMAP servers using various methods, including but not limited to PLAIN and GSSAPI. You can specify when calling the c-client library which authentication method to use. When you're going to authenticate with kerberos/GSSAPI, you would provide a certain set of client credentials. When you want to authenticate with PLAIN, you provide a different set of credentials (namely, username and password). The problem with PHP's imap_open() is that it does not allow you to specify which of these authentication methods to use, nor does it guess correctly from the credentials you provide it. The setup, as I encountered it, is/was: 1) Your code wants to authenticate to an IMAP server with a username & password. These credentials are appropriate for PLAIN authentication. 2) You call imap_open() and pass it the username & password. 3) imap_open() (through c-client) contacts the server attempts to authenticate via GSSAPI, which fails. imap_open() then gives up. So, the bug in this case is that imap_open needs an argument of some sort which tells it NOT to try using GSSAPI, and instead to try using PLAIN authentication. Perhaps something like [authmethod ={PLAIN || GSSAPI || ...}] , which would then be passed through to the c-client implementation. Make no mistake about it, there is no way around this bug with PHP's broken imap_open(). If you have an imap server which advertises both authentication methods, there is no way to authenticate to that server with the PLAIN method - even though the server is configured correctly, and the underlying c-client IMAP library supports it. imap_open() is not tickling the c-client library correctly to get the proper result. Previous Comments: ------------------------------------------------------------------------ [2009-04-27 15:17:18] paj...@php.net Bug or feature in c-client. As Joe already explained in the RH bug report, the first thing auth_gssapi_client does is to disable any retry: auth_gss.c:98 (2007e) *trial = 65535; /* never retry */ Please get an explanation in the UW mailing list but there is nothing PHP can do about that. ------------------------------------------------------------------------ [2009-04-27 15:03:49] paj...@php.net The authentication method is compiled in cclient. Are you sure your cclient package supports kerberos or GSS? For windows, I'm verifying that it works with 5.3.0 (we use the latest c-client for 5.3+). ------------------------------------------------------------------------ [2009-04-27 14:37:16] mathieu at koumbit dot org Same bug, on version 5.2.0 (Debian/stable), when trying to connect to Exchange. ------------------------------------------------------------------------ [2009-03-04 07:30:53] sami dot sipponen at storaenso dot com Please PHP developers, fix this bug since there are no other elegant methods to connect Exchange 2007 than imap_open. Implement authentication method attribute to IMAP_OPEN or make it automatically use multiple methods. ------------------------------------------------------------------------ [2009-02-06 01:49:31] steve dot englart at gmail dot com I can't connect to Exchange 2007 sp1 PHP running on Windows 2000 C:\php>php -v PHP 5.2.8 (cli) (built: Dec 8 2008 19:31:23) with Pear Net_POP3 1.3.6 stable example from getMessage() after logon... Error in authentication: USER NOT supported authentication method!. This server supports these methods: GSSAPI, but I support APO P,PLAIN,LOGIN,USER ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/33500 -- Edit this bug report at http://bugs.php.net/?id=33500&edit=1