RE: help with gssapi smtp auth

[Umapati Singh]

Thank You SO MUCH!!!!!!

I greatly appreciate your response.  seriously, thanks!!!!!!

However, my apologies that I didnt elaborate much, reason being, I wasnt
really hopeful for a response, forget such a fast one.

So here is the rest of the story...

I have an MS-Exchange server that supports GSSAPI and NTLM AUTH only,
nothing else.  I want to build a small program so that I can send a mail to
this Exchange server using the GSSAPI authentication.

Please find below the output of the ehlo command:

250-EXACTDOM.exact.com Hello [192.168.0.78]
250-TURN
250-ATRN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM
250-AUTH GSSAPI NTLM
250-X-LINK2STATE
250-XEXCH50
250 OK

Regards,
Umapati




-----Original Message-----
From: Simon Josefsson [mailto:address@hidden
Sent: Thursday, December 15, 2005 4:41 AM
To: Umapati Singh
Cc: address@hidden
Subject: Re: help with gssapi smtp auth


"Umapati Singh" <address@hidden> writes:

> Hi all,
>
> I am trying to obtain STMP AUTH using the gssapi mechanism.  Can anyone
> please provide me with a sample/screesnshot for  a gssapi session so that
> i could know what messages and in what order do they need to be passed.

Hi!  Below is the output from GNU SASL connecting to a SMTP server,
upgrading the connection to TLS (using GnuTLS) and authenticating
using the Kerberos V5 implementation in GNU Shishi via GNU GSS.  I
think the SMTP server is Sendmail linked to Heimdal.

Other GSS-API implementations, such as MIT Kerberos, Heimdal or Sun's,
should work too.

Hope this helps,
Simon

PS.  The 'libshishi' warning below is because the server is using
buggy Kerberos V5 libraries.

address@hidden:~$ gsasl --smtp smtp.nada.kth.se
Trying `smtp.nada.kth.se'...
220 smtp.nada.kth.se ESMTP Sendmail 8.12.11/8.12.11; Thu, 15 Dec 2005
10:35:07 +0100 (MET)
EHLO [127.0.0.1]
250-smtp.nada.kth.se Hello h14n1c1o1033.bredband.skanova.com
[81.225.104.14], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH GSSAPI
250-STARTTLS
250-DELIVERBY
250 HELP
STARTTLS
220 2.0.0 Ready to start TLS
EHLO [127.0.0.1]
250-smtp.nada.kth.se Hello h14n1c1o1033.bredband.skanova.com
[81.225.104.14], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH GSSAPI PLAIN
250-DELIVERBY
250 HELP
AUTH GSSAPI
334
libshishi: warning: KDC bug: Reply encrypted using wrong key.
YIICEQYJKoZIhvcSAQICAQBuggIAMIIB/KADAgEFoQMCAQ6iBwMFACAAAACjggETYYIBDzCCAQug
AwIBBaENGwtOQURBLktUSC5TRaIjMCGgAwIBAaEaMBgbBHNtdHAbEHNtdHAubmFkYS5rdGguc2Wj
gc8wgcygAwIBEKEDAgEJooG/BIG8msq2xygko4Lv0Agu5pW6SEundUbFK5swuopukvx9kTidWULb
/Ab490wQbtnKx3lmM3BFvNFvuUyD3zvh9PHggwz7T7eZYSCDaovIL/QZ0ismF3lZejZBSwBhgLDA
DQuk4nZHbbeoU9Lk+1jzsMJguNh6Ot3G6o8WLqFZoe8pi3NuxzSdjutjg3O9s/fasuSB9T85bq6o
IMWGr5HHRNBNUF4x11tK3ytpsVoMNpKng3d4bY8tLgnxxLCmREakgc8wgcygAwIBEKEDAgEBooG/
BIG8SPCDQwKGzJfZGg+MgqQquBiGBXA2uy/08gPE19vuTBP7XyL2H4EaVqtl71MeVxExbat/CNAK
3dMXkNqR6VHxZqb+ky8MYMDo452Z1sN6BfIsKcsy2BcYTwFJMtgdn21vTWVHtMPH3wtXPuPFGn3j
igjsXiAyytXi1Y4p4Tni+ox5ndlZuqBJGeThVxyZIpCEI+5rWflxDIYVa/8CAcRUPQqoDpQIs5zk
wfoPQtTdfRLdph5VxQ79N9PnvnQ=
334
YGwGCSqGSIb3EgECAgIAb10wW6ADAgEFoQMCAQ+iTzBNoAMCARCiRgRE2FBXYUbT0MVIicgLYE/F
Ky6CcrvfQxZaoxyt05qqxJBL13kqneza/TKe5i0mjsN0Nc90KW/l4rL0eQ76vWMenaE1Lw8=

334
YD8GCSqGSIb3EgECAgIBBAD/////IGqNk7Rz3+kPdzT9oYPRWnQi/ESL0p3EeQ2yNLWArrmdOzxp
BwAgAAQEBAQ=
Using system username `jas' as authentication identity.
YD8GCSqGSIb3EgECAgIBBAD/////JhNtx+GhzYe54NY92BltbUHD6i02upmatfXUnIGrBR5vT5yu
AQAgAGphcwE=
235 2.0.0 OK Authenticated
Client authentication finished (server trusted)...
Enter application data (EOF to finish):
quit
221 2.0.0 smtp.nada.kth.se closing connection
Session finished...
QUIT
address@hidden:~$