help-gsasl

Re: help with gssapi smtp auth


From: Simon Josefsson
Subject: Re: help with gssapi smtp auth
Date: Thu, 15 Dec 2005 16:54:08 +0100
User-agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)

Hi again.  I'm Cc:ing the mailing list, in case others are interested,
I hope you don't mind.

The data are GSS-API blobs.  You could use GNU SASL to produce them.
If you want to implement it all yourself, you need to implement these
protocols:

http://www.ietf.org/rfc/rfc1964.txt
http://www.ietf.org/rfc/rfc2222.txt
http://www.ietf.org/rfc/rfc2743.txt
http://www.ietf.org/rfc/rfc2744.txt

That is fairly complex, so it is probably easier to simply use GNU
SASL for the SASL part, GNU GSS for the GSS-API part and GNU Shishi
for the Kerberos V5 part.

NTLM is slightly less complex, you would only need GNU SASL for the
SASL part and Libntlm for the NTLM part.

Hope this helps,
Simon

"Umapati Singh" <address@hidden> writes:

> also, could you please elaborate on the messages that you passed after AUTH
> GSSAPI.  It's not simple base64 encoded username and password, I see.  So
> where exactly did you get these strings from.....  I hope I'm coherent....
>
> waiting eagerly for an early response,
> umapati
>
> -----Original Message-----
> From: Simon Josefsson [mailto:address@hidden
> Sent: Thursday, December 15, 2005 4:41 AM
> To: Umapati Singh
> Cc: address@hidden
> Subject: Re: help with gssapi smtp auth
>
>
> "Umapati Singh" <address@hidden> writes:
>
>> Hi all,
>>
>> I am trying to obtain SMTP AUTH using the gssapi mechanism.  Can anyone
>> please provide me with a sample/screenshot for a gssapi session so that
>> I could know what messages and in what order do they need to be passed.
>
> Hi!  Below is the output from GNU SASL connecting to a SMTP server,
> upgrading the connection to TLS (using GnuTLS) and authenticating
> using the Kerberos V5 implementation in GNU Shishi via GNU GSS.  I
> think the SMTP server is Sendmail linked to Heimdal.
>
> Other GSS-API implementations, such as MIT Kerberos, Heimdal or Sun's,
> should work too.
>
> Hope this helps,
> Simon
>
> PS.  The 'libshishi' warning below is because the server is using
> buggy Kerberos V5 libraries.
>
> address@hidden:~$ gsasl --smtp smtp.nada.kth.se
> Trying `smtp.nada.kth.se'...
> 220 smtp.nada.kth.se ESMTP Sendmail 8.12.11/8.12.11; Thu, 15 Dec 2005 10:35:07 +0100 (MET)
> EHLO [127.0.0.1]
> 250-smtp.nada.kth.se Hello h14n1c1o1033.bredband.skanova.com [81.225.104.14], pleased to meet you
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-AUTH GSSAPI
> 250-STARTTLS
> 250-DELIVERBY
> 250 HELP
> STARTTLS
> 220 2.0.0 Ready to start TLS
> EHLO [127.0.0.1]
> 250-smtp.nada.kth.se Hello h14n1c1o1033.bredband.skanova.com [81.225.104.14], pleased to meet you
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-AUTH GSSAPI PLAIN
> 250-DELIVERBY
> 250 HELP
> AUTH GSSAPI
> 334
> libshishi: warning: KDC bug: Reply encrypted using wrong key.
> YIICEQYJKoZIhvcSAQICAQBuggIAMIIB/KADAgEFoQMCAQ6iBwMFACAAAACjggETYYIBDzCCAQug
> AwIBBaENGwtOQURBLktUSC5TRaIjMCGgAwIBAaEaMBgbBHNtdHAbEHNtdHAubmFkYS5rdGguc2Wj
> gc8wgcygAwIBEKEDAgEJooG/BIG8msq2xygko4Lv0Agu5pW6SEundUbFK5swuopukvx9kTidWULb
> /Ab490wQbtnKx3lmM3BFvNFvuUyD3zvh9PHggwz7T7eZYSCDaovIL/QZ0ismF3lZejZBSwBhgLDA
> DQuk4nZHbbeoU9Lk+1jzsMJguNh6Ot3G6o8WLqFZoe8pi3NuxzSdjutjg3O9s/fasuSB9T85bq6o
> IMWGr5HHRNBNUF4x11tK3ytpsVoMNpKng3d4bY8tLgnxxLCmREakgc8wgcygAwIBEKEDAgEBooG/
> BIG8SPCDQwKGzJfZGg+MgqQquBiGBXA2uy/08gPE19vuTBP7XyL2H4EaVqtl71MeVxExbat/CNAK
> 3dMXkNqR6VHxZqb+ky8MYMDo452Z1sN6BfIsKcsy2BcYTwFJMtgdn21vTWVHtMPH3wtXPuPFGn3j
> igjsXiAyytXi1Y4p4Tni+ox5ndlZuqBJGeThVxyZIpCEI+5rWflxDIYVa/8CAcRUPQqoDpQIs5zk
> wfoPQtTdfRLdph5VxQ79N9PnvnQ=
> 334
> YGwGCSqGSIb3EgECAgIAb10wW6ADAgEFoQMCAQ+iTzBNoAMCARCiRgRE2FBXYUbT0MVIicgLYE/F
> Ky6CcrvfQxZaoxyt05qqxJBL13kqneza/TKe5i0mjsN0Nc90KW/l4rL0eQ76vWMenaE1Lw8=
>
> 334
> YD8GCSqGSIb3EgECAgIBBAD/////IGqNk7Rz3+kPdzT9oYPRWnQi/ESL0p3EeQ2yNLWArrmdOzxp
> BwAgAAQEBAQ=
> Using system username `jas' as authentication identity.
> YD8GCSqGSIb3EgECAgIBBAD/////JhNtx+GhzYe54NY92BltbUHD6i02upmatfXUnIGrBR5vT5yu
> AQAgAGphcwE=
> 235 2.0.0 OK Authenticated
> Client authentication finished (server trusted)...
> Enter application data (EOF to finish):
> quit
> 221 2.0.0 smtp.nada.kth.se closing connection
> Session finished...
> QUIT
> address@hidden:~$
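
Added example (not part of the original messages and not GNU SASL code): the last two blobs in the session above are RFC 1964 Wrap tokens whose SEAL_ALG field is `ff ff`, so the payload is checksummed but not encrypted and the RFC 2222 security-layer negotiation inside them can be read without any key. The function names are made up for illustration, and the checksum is not verified because that needs the session key.

```python
import base64

KRB5_OID = bytes.fromhex("06092a864886f712010202")  # DER of 1.2.840.113554.1.2.2
# SGN_ALG -> checksum length. 00/01/02 are RFC 1964; 04 00 is HMAC SHA1 DES3-KD
# from the 3DES extension to RFC 1964 (20-byte checksum).
CKSUM_LEN = {b"\x00\x00": 8, b"\x01\x00": 8, b"\x02\x00": 8, b"\x04\x00": 20}

# Last server challenge and client response, copied from the session above.
SERVER_TOKEN = ("YD8GCSqGSIb3EgECAgIBBAD/////IGqNk7Rz3+kPdzT9oYPRWnQi/ESL0p3EeQ2yNLWArrmdOzxp"
                "BwAgAAQEBAQ=")
CLIENT_TOKEN = ("YD8GCSqGSIb3EgECAgIBBAD/////JhNtx+GhzYe54NY92BltbUHD6i02upmatfXUnIGrBR5vT5yu"
                "AQAgAGphcwE=")

def unwrap_unsealed(b64):
    """Payload of a Kerberos V5 Wrap token sent without confidentiality.
    The checksum is NOT verified here; that requires the session key."""
    tok = base64.b64decode(b64)
    if len(tok) < 2 or tok[0] != 0x60:
        raise ValueError("not a GSS-API framed token")
    if tok[1] < 0x80:                       # DER short-form length
        length, pos = tok[1], 2
    else:                                   # long form: 0x80|n, then n octets
        n = tok[1] & 0x7F
        length, pos = int.from_bytes(tok[2:2 + n], "big"), 2 + n
    if length != len(tok) - pos:
        raise ValueError("framing length does not match token size")
    if tok[pos:pos + len(KRB5_OID)] != KRB5_OID:
        raise ValueError("mechanism is not Kerberos V5")
    pos += len(KRB5_OID)
    tok_id, sgn_alg, seal_alg = tok[pos:pos + 2], tok[pos + 2:pos + 4], tok[pos + 4:pos + 6]
    if tok_id != b"\x02\x01":
        raise ValueError("not a Wrap token")
    if seal_alg != b"\xff\xff":
        raise ValueError("payload is encrypted; session key required")
    if sgn_alg not in CKSUM_LEN:
        raise ValueError("unknown SGN_ALG")
    # Skip 8-byte header, SND_SEQ (8), SGN_CKSUM, and the 8-byte confounder.
    body = tok[pos + 8 + 8 + CKSUM_LEN[sgn_alg] + 8:]
    pad = body[-1] if body else 0
    if not 1 <= pad <= 8 or body[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding")
    return body[:-pad]

def parse_negotiation(plain):
    """RFC 2222 section 7.2: layer bitmask, 3-octet max buffer size, authzid."""
    names = ((1, "none"), (2, "integrity"), (4, "confidentiality"))
    layers = [name for bit, name in names if plain[0] & bit]
    return layers, int.from_bytes(plain[1:4], "big"), plain[4:].decode("utf-8")

if __name__ == "__main__":
    print("server offers:", parse_negotiation(unwrap_unsealed(SERVER_TOKEN)))
    print("client picks: ", parse_negotiation(unwrap_unsealed(CLIENT_TOKEN)))
```

For this session the server offers all three layers with an 8192-byte buffer, and the client selects no SASL security layer (the connection is already inside TLS) with authorization identity `jas`.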



