Simon Josefsson | 24 Apr 2008 10:52

Re: msmtp: support for authentication method GSSAPI is not compiled in / gssapi support for msmtp

<ilangovan.muthiah <at> wipro.com> writes:

> Hi,
>      I need to include NTLM and GSSAPI auth support in msmtp. I am using
> msmtp-1.4.14 version. I am able to include the NTLM support but not able
> to include GSSAPI
> support. Because msmtp supports GSSAPI using GNU SASL, I compiled and
> installed the gsasl-0.2.25 version. I also installed the gss-0.0.23
> version and shishi-0.0.35.

Hi.  Did you create a host keytab for the host?  The GSSAPI mechanism in
GNU SASL won't advertise itself unless configuration of the host is
working properly.

I'm assuming you want to use Kerberos V under GSSAPI?  I think there are
NTLM-like mechanisms under GSSAPI too, but they are not supported by GNU
SASL.  The GSSAPI SASL mechanism only works for Kerberos V too.

Finally, if you are using Heimdal or MIT Kerberos, you probably want to
build GNU SASL against them instead of Shishi/GSS.

/Simon

>
>  
>  Following is the result of the msmtp --version command.
>  
> [root@localhost root]# msmtp --version
> msmtp version 1.4.14
> TLS/SSL library: GnuTLS

ilangovan.muthiah | 24 Apr 2008 14:20

Re: msmtp: support for authentication method GSSAPI is not compiled in / gssapi support for msmtp

Hi Simon,
Thanks for your reply.
As you are assuming, I want to use the Kerberos v5 auth mechanism
under gssapi. Now I have installed MIT
Kerberos package version krb5-1.6.1 as you suggest, but I am still having
the same problem. I don't know much about Kerberos client configuration. I
have configured the krb5.conf file only. I have no idea about what all
needs to be configured.

configure: running /bin/sh ./configure '--prefix=/usr/local'
'--with-gssapi-impl=mit' --cache-file=/dev/null --srcdir=.
checking for a BSD-compatible install... /usr/bin/install -c
checking for minix/config.h... no
checking whether it is safe to define __EXTENSIONS__... yes
checking build system type... powerpc-unknown-linux-gnu
checking host system type... powerpc-unknown-linux-gnu
checking the maximum length of command line arguments... 98304
checking whether to use NLS... yes
checking where the gettext function comes from... libc
checking if ANONYMOUS should be used... yes
checking if EXTERNAL should be used... yes
checking if PLAIN should be used... yes
checking if LOGIN should be used... yes
checking if SECURID should be used... yes
checking for libntlm... yes
checking how to link with libntlm... /usr/local/lib/libntlm.so
-Wl,-rpath -Wl,/usr/local/lib
checking if NTLM should be used... yes
checking if CRAM-MD5 should be used... yes
checking if DIGEST-MD5 should be used... yes

Simon Josefsson | 24 Apr 2008 14:34

Re: msmtp: support for authentication method GSSAPI is not compiled in / gssapi support for msmtp

<ilangovan.muthiah <at> wipro.com> writes:

> Hi Simon,
> Thanks for your reply.
> As you are assuming, I want to use the Kerberos v5 auth mechanism
> under gssapi. Now I have installed MIT
> Kerberos package version krb5-1.6.1 as you suggest, but I am still having
> the same problem. I don't know much about Kerberos client configuration. I
> have configured the krb5.conf file only. I have no idea about what all
> needs to be configured.

You need to run 'kinit' on the client to get a Kerberos ticket, which
requires that you have a KDC somewhere.  The SMTP server you use must
typically also be part of the same Kerberos realm.

Sorry for confusing the problem by talking about hostkeys, that is only
required on the server side, and it seems you are on the client side.

/Simon

ilangovan.muthiah | 25 Apr 2008 11:54

Re: msmtp: support for authentication method GSSAPI is not compiled in / gssapi support for msmtp

Hi Simon,
        I installed the heimdal package and then tried to include
kerberos-v5 support in the SASL, but kerberos_v5 support is not included
in the SASL build. Below is the output of  # ./configure
--enable-kerberos_v5

Checking if PLAIN should be used... yes
checking if LOGIN should be used... yes
checking if SECURID should be used... yes
checking for libntlm... yes
checking how to link with libntlm... /usr/local/lib/libntlm.so
-Wl,-rpath -Wl,/usr/local/lib
checking if NTLM should be used... yes
checking if CRAM-MD5 should be used... yes
checking if DIGEST-MD5 should be used... yes
configure: checking for GSS implementation (heimdal)
configure: trying Heimdal
checking for krb5-config... /usr/heimdal/bin/krb5-config
checking gssapi.h usability... yes
checking gssapi.h presence... yes
checking for gssapi.h... yes
checking if GS2 should be used... no
checking if GSSAPI should be used... yes
checking for libshishi... no
configure: WARNING: GNU Shishi not found, disabling KERBEROS_V5
checking if KERBEROS_V5 should be used... no
checking for libidn... no
configure: WARNING: GNU Libidn not found.  Stringprep disabled.
checking if non-ASCII support via Libidn should be built... No 


Simon Josefsson | 25 Apr 2008 12:50

Re: msmtp: support for authentication method GSSAPI is not compiled in / gssapi support for msmtp

<ilangovan.muthiah <at> wipro.com> writes:

> Hi Simon,
>         I installed the heimdal package and then tried to include
> kerberos-v5 support in the SASL, but kerberos_v5 support is not included
> in the SASL build. Below is the output of  # ./configure
> --enable-kerberos_v5

Hi.  No, you don't want to use --enable-kerberos_v5, that's not the
GSSAPI mechanism.  The configure output looks fine:

> checking if GSSAPI should be used... yes

Ignore the other warnings.

> I also tried with MIT kerberos package 1.6.1.
> It always looks for libshishi support. Then I installed the shishi-0.0.35
> version and tried, but I got some compilation error when the
> --enable-kerberos_v5 flag is on.
> Without shishi, is kerberos_v5 support possible in SASL?

No, KERBEROS_V5 is Shishi-specific, but I don't recommend using it.  It
is not standardized, and was part of an experiment.

> Localhost:~/SMTP__AUTH# msmtp --version
> msmtp version 1.4.14
> TLS/SSL library: none
> Authentication library: GNU SASL
> Supported authentication methods:
> plain cram-md5 digest-md5 gssapi external login ntlm
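
The checks discussed in this thread (GSSAPI enabled in the GNU SASL build, gssapi listed by msmtp --version, a Kerberos ticket obtained with kinit), collected into one script. This is an added example, not code from the thread or from the msmtp or GNU SASL projects. The function names are hypothetical, the sample text is constructed by abridging the output quoted above, and the ticket check assumes the MIT `klist -s` behaviour.

```shell
#!/bin/sh
# Added example (not from the thread): client-side GSSAPI checks for msmtp.

# List mechanisms a GNU SASL ./configure run enabled (configure output on stdin).
sasl_enabled_mechs() {
    sed -n 's/^[Cc]hecking if \([A-Z0-9_-]*\) should be used\.\.\. yes[[:space:]]*$/\1/p'
}

# Succeed if `msmtp --version` output on stdin lists mechanism $1 on the line
# that follows "Supported authentication methods:".
msmtp_supports() {
    awk -v want="$1" '
        hdr { for (i = 1; i <= NF; i++) if ($i == want) ok = 1; hdr = 0 }
        /^Supported authentication methods:/ { hdr = 1 }
        END { exit !ok }'
}

# Succeed if the credential cache holds an unexpired ticket (MIT `klist -s`).
have_ticket() { klist -s; }

# Constructed samples, abridged from the output quoted in the thread.
CONFIGURE_LOG='checking if NTLM should be used... yes
checking if GS2 should be used... no
checking if GSSAPI should be used... yes
configure: WARNING: GNU Shishi not found, disabling KERBEROS_V5
checking if KERBEROS_V5 should be used... no'
MSMTP_VERSION='msmtp version 1.4.14
Authentication library: GNU SASL
Supported authentication methods:
plain cram-md5 digest-md5 gssapi external login ntlm'

# Report the three layers separately so a failure points at the right one.
report() {
    if printf '%s\n' "$CONFIGURE_LOG" | sasl_enabled_mechs | grep -qx GSSAPI
    then echo "gsasl build: GSSAPI enabled"
    else echo "gsasl build: GSSAPI missing, rebuild against MIT/Heimdal"; fi
    if printf '%s\n' "$MSMTP_VERSION" | msmtp_supports gssapi
    then echo "msmtp: gssapi compiled in"
    else echo "msmtp: gssapi not compiled in"; fi
    if command -v klist >/dev/null 2>&1 && have_ticket
    then echo "ticket: valid"
    else echo "ticket: none or expired, run kinit"; fi
}
report
```

To check a real installation, pipe the saved configure output into sasl_enabled_mechs and `msmtp --version` into msmtp_supports instead of the embedded samples.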

