kerberized version of fetchmail? (corrected)
Globe Trotter
itsme_410 at yahoo.com
Sun Nov 16 06:48:51 UTC 2003
Hi,
I think I figured out the error -- it should be POP3, not POP in the proto,
right?
However, I still have problems. I have Kerberos 5 tickets issued, obtained
using kinit and validated using kinit. However, I can not get errors. The
following example is what I have been following for my .fetchmailrc:
set daemon 600
poll user.mail.iastate.edu with proto POP3 auth gssapi uidl
principal pop.pop.iastate.edu at IASTATE.EDU
user 'user' there with password `ISU' is user here warnings 3600
mda 'procmail -f-'
keep
However, it does not work. I get the following error:
$fetchmail -c -vv
........
fetchmail: Scratch list of UIDs: <empty>
fetchmail: removing stale lockfile
fetchmail: 6.2.0 querying user.mail.iastate.edu (protocol POP3) at Sun 16 Nov 2003 12:39:50 AM CST: poll started
fetchmail: Kerberos V5 support not linked.
fetchmail: 6.2.0 querying user.mail.iastate.edu (protocol POP3) at Sun 16 Nov 2003 12:39:50 AM CST: poll completed
fetchmail: normal termination, status 7
I can not figure out how to link Kerberos V5 support. Should I use hesiod for
this? I have krb5 tickets issued to me:
$ klist
Ticket cache: FILE:/tmp/krb5cc_500
Default principal: user at IASTATE.EDU
Valid starting     Expires            Service principal
11/15/03 20:47:10  11/16/03 00:47:10  krbtgt/IASTATE.EDU at IASTATE.EDU
Kerberos 4 ticket cache: /tmp/tkt500
klist: You have no tickets cached
Reading the manpage seems to indicate that hesiod has to be linked somehow as
well as that principal is only for Kerberos 4. However, the error above
indicates that "Kerberos V5" support is not linked. How is this resolved? Can
someone please help -- does this mean that fetchmail has to be reinstalled with
Kerberos V support, explicitly?
Thanks and best wishes!
--- Nalin Dahyabhai <nalin at redhat.com> wrote:
> On Thu, Nov 13, 2003 at 09:09:00AM -0800, Globe Trotter wrote:
> > OK, so if I go for kerberos 5, how do I need to modify it? The server accepts
> > both 5 as well as 4.
>
> Best thing is to find out what the server supports for authentication.
> To do that for a POP3 server, use netcat to connect to the port and
> issue the CAPA command:
> nc popserver.example.com pop3
> > +OK POP3 blahblahblah ready
> CAPA
> > +OK Here you go:
> > STLS
> > USER
> > SASL GSSAPI LOGIN
> QUIT
> > +OK luvyoubuhbye
> The important part is the SASL capability, which lists the SASL methods
> which the server supports. If you see GSSAPI listed, change "proto KPOP
> auth kerberos_v4" to "proto POP auth gssapi", or if you see KERBEROS_V5,
> try "proto POP auth kerberos_v5".
>
> If it's an IMAP server, the commands you'll want to send will look more
> like this:
> nc imapserver.example.com imap
> > * OK [CAPABILITY] IMAP blahblahblah
> 0001 CAPABILITY
> > * CAPABILITY STARTTLS AUTH=GSSAPI AUTH=LOGIN
> > 0001 OK CAPABILITY completed
> 0002 LOGOUT
> > * luvyoubuhbye
> > 0002 OK LOGOUT completed
> and you'll want to look for AUTH= capabilities. This, more or less, is
> what most mail clients (including fetchmail) will do.
>
> HTH,
>
> Nalin
>
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-list
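Added example, not part of the original message and not fetchmail's own code: the capability check described in the quoted reply, written in Python. It parses a POP3 CAPA or IMAP CAPABILITY response for SASL mechanisms and maps them to the fetchmail auth keywords that reply names. The sample responses are constructed from the transcripts in the thread (the closing "." line of the POP3 response is an assumption, since the transcript omits it), and all function names are hypothetical.

```python
# Sample server responses, constructed from the transcripts quoted in the thread.
POP3_REPLY = "+OK Here you go:\nSTLS\nUSER\nSASL GSSAPI LOGIN\n.\n"
IMAP_REPLY = ("* CAPABILITY STARTTLS AUTH=GSSAPI AUTH=LOGIN\n"
              "0001 OK CAPABILITY completed\n")

# SASL mechanism -> fetchmail "auth" keyword, as given in the quoted reply.
FETCHMAIL_AUTH = {"GSSAPI": "gssapi", "KERBEROS_V5": "kerberos_v5"}


def pop3_capabilities(reply):
    """Return (sasl_mechanisms, tls_offered) from a POP3 CAPA response."""
    lines = [l.strip() for l in reply.splitlines() if l.strip()]
    if not lines or not lines[0].startswith("+OK"):
        return [], False              # -ERR: the server does not support CAPA
    mechs, tls = [], False
    for line in lines[1:]:
        if line == ".":               # end of the multi-line response
            break
        words = line.upper().split()
        if words[0] == "SASL":
            mechs = words[1:]
        elif words[0] == "STLS":
            tls = True
    return mechs, tls


def imap_capabilities(reply):
    """Return (sasl_mechanisms, tls_offered) from an IMAP CAPABILITY response."""
    mechs, tls = [], False
    for line in reply.splitlines():
        words = line.upper().split()
        if words[:2] != ["*", "CAPABILITY"]:
            continue                  # skip tagged status lines
        for word in words[2:]:
            if word.startswith("AUTH="):
                mechs.append(word[len("AUTH="):])
            elif word == "STARTTLS":
                tls = True
    return mechs, tls


def fetchmail_auth(mechs):
    """First Kerberos-capable auth keyword the server offers, else None."""
    for mech in mechs:
        if mech in FETCHMAIL_AUTH:
            return FETCHMAIL_AUTH[mech]
    return None


if __name__ == "__main__":
    for name, parse, reply in (("POP3", pop3_capabilities, POP3_REPLY),
                               ("IMAP", imap_capabilities, IMAP_REPLY)):
        mechs, tls = parse(reply)
        print(name, mechs, "TLS offered:", tls, "auth:", fetchmail_auth(mechs))
```

A server that advertises the mechanism is only half of the check: the client must also be built with support for it, which is what the "Kerberos V5 support not linked" message in the post is about.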