ID: 33500
Comment by: frank dot ruchter at hrz dot tu-chemnitz dot de
Reported By: ed2019 at columbia dot edu
Status: Open
Bug Type: IMAP related
Operating System: RHEL 4
PHP Version: 4.3.10
New Comment:
I detected the same behavior. As my httpd has no Kerberos ticket at
all, the error is a bit different:
Array
(
[0] => No credentials cache found (try running kinit) for
mailbox.hrz.tu-chemnitz.de
[1] => Can not authenticate to IMAP server: Client canceled
authentication
)
So no "authentication downgrade" to PLAIN occurs.
If it would be possible to disable Kerberos/GSS authentication via a
flag ...
Thanks,
Frank
Previous Comments:
------------------------------------------------------------------------
[2005-06-29 15:04:31] ed2019 at columbia dot edu
I have also filed this bug with RedHat, see bug # 161826:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161826 , as well
as to Mark Crispin ( author of the c-client imap library ), that
discussion is archived here:
http://mailman1.u.washington.edu/pipermail/imap-uw/2005-June/000091.html
------------------------------------------------------------------------
[2005-06-28 19:06:58] ed2019 at columbia dot edu
I am the system administrator. I appreciate your trying to screen out
non-bugs, but this is not a non-bug, but I am quite sure that this is a
real bug.
An IMAP server supports multiple methods of remote client
authentication. Among them, GSSAPI and plain. When a client connects,
the server advertises these auth methods and other options it supports,
for example, GSSAPI, PLAIN, etc.
The client then selects which AUTH method to use. php's imap extension
is choosing to use the GSSAPI method, but I would like it to make a
different choice. Or, after GSSAPI fails, I would like it to try the
PLAIN auth method.
There is, however, no way (to my knowledge, or in the documentation) to
get it to make that choice. The underlying c-client library that php
uses to talk to imap servers supports making the choice, and the imap
servers themselves support it, but PHP does not. I think that puts it
into the category of a 'bug' that belongs in PHP's bug system.
------------------------------------------------------------------------
[2005-06-28 18:52:22] [EMAIL PROTECTED]
Try to contact your system admintrator.
Questions related to IMAP server administration obviously do not belong
to the PHP bug system.
------------------------------------------------------------------------
[2005-06-28 18:36:34] ed2019 at columbia dot edu
What if I don't want to use GSSAPI? I'm providing a username and
password that should be sufficient for the PLAIN auth method.
------------------------------------------------------------------------
[2005-06-28 18:28:31] [EMAIL PROTECTED]
Obviously the apache user doesn't have correct permissions to write to
the kerberos cache. Not PHP bug -> bogus.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/33500
--
Edit this bug report at http://bugs.php.net/?id=33500&edit=1
