ID: 33500 Comment by: frank dot ruchter at hrz dot tu-chemnitz dot de Reported By: ed2019 at columbia dot edu Status: Open Bug Type: IMAP related Operating System: RHEL 4 PHP Version: 4.3.10 New Comment:
I detected the same behavior. As my httpd has no Kerberos ticket at all, the error is a bit different: Array ( [0] => No credentials cache found (try running kinit) for mailbox.hrz.tu-chemnitz.de [1] => Can not authenticate to IMAP server: Client canceled authentication ) So no "authentication downgrade" to PLAIN occurs. If it would be possible to disable Kerberos/GSS authentication via a flag ... Thanks, Frank Previous Comments: ------------------------------------------------------------------------ [2005-06-29 15:04:31] ed2019 at columbia dot edu I have also filed this bug with RedHat, see bug # 161826: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161826 , as well as to Mark Crispin ( author of the c-client imap library ), that discussion is archived here: http://mailman1.u.washington.edu/pipermail/imap-uw/2005-June/000091.html ------------------------------------------------------------------------ [2005-06-28 19:06:58] ed2019 at columbia dot edu I am the system administrator. I appreciate your trying to screen out non-bugs, but this is not a non-bug, but I am quite sure that this is a real bug. An IMAP server supports multiple methods of remote client authentication. Among them, GSSAPI and plain. When a client connects, the server advertises these auth methods and other options it supports, for example, GSSAPI, PLAIN, etc. The client then selects which AUTH method to use. php's imap extension is choosing to use the GSSAPI method, but I would like it to make a different choice. Or, after GSSAPI fails, I would like it to try the PLAIN auth method. There is, however, no way (to my knowledge, or in the documentation) to get it to make that choice. The underlying c-client library that php uses to talk to imap servers supports making the choice, and the imap servers themselves support it, but PHP does not. I think that puts it into the category of a 'bug' that belongs in PHP's bug system. ------------------------------------------------------------------------ [2005-06-28 18:52:22] [EMAIL PROTECTED] Try to contact your system admintrator. Questions related to IMAP server administration obviously do not belong to the PHP bug system. ------------------------------------------------------------------------ [2005-06-28 18:36:34] ed2019 at columbia dot edu What if I don't want to use GSSAPI? I'm providing a username and password that should be sufficient for the PLAIN auth method. ------------------------------------------------------------------------ [2005-06-28 18:28:31] [EMAIL PROTECTED] Obviously the apache user doesn't have correct permissions to write to the kerberos cache. Not PHP bug -> bogus. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/33500 -- Edit this bug report at http://bugs.php.net/?id=33500&edit=1