Re: help with gssapi smtp auth

help-gsasl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: help with gssapi smtp auth

From:	Simon Josefsson
Subject:	Re: help with gssapi smtp auth
Date:	Thu, 15 Dec 2005 16:49:40 +0100
User-agent:	Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)

"Umapati Singh" <address@hidden> writes:

> Thank You SO MUCH!!!!!!
>
> I greatly appreciate your response.  seriously, thanks!!!!!!
>
> However, my apologies that I didnt elaborate much, reason being, I wasnt
> really hopeful for a response, forget such a fast one.

Happy to be of service. ;-)

> So here is the rest of the story...
>
> I have an MS-Exchange server that supports GSSAPI and NTLM AUTH only,
> nothing else.  I want to build a small program so that I can send a mail to
> this Exchange server using the GSSAPI authentication.

Take a look at Martin's MSMTP, I believe it does exactly what you are
looking for:

http://msmtp.sourceforge.net/

It shouldn't be difficult to adapt the code to do what you want.  You
could also look at the GNU SASL examples, or the source code for the
GNU SASL 'gsasl' command line tool.

Hope this helps,
Simon

> Please find below the output of the ehlo command:
>
> 250-EXACTDOM.exact.com Hello [192.168.0.78]
> 250-TURN
> 250-ATRN
> 250-SIZE
> 250-ETRN
> 250-PIPELINING
> 250-DSN
> 250-ENHANCEDSTATUSCODES
> 250-8bitmime
> 250-BINARYMIME
> 250-CHUNKING
> 250-VRFY
> 250-X-EXPS GSSAPI NTLM
> 250-AUTH GSSAPI NTLM
> 250-X-LINK2STATE
> 250-XEXCH50
> 250 OK
>
> Regards,
> Umapati
>
>
>
>
> -----Original Message-----
> From: Simon Josefsson [mailto:address@hidden
> Sent: Thursday, December 15, 2005 4:41 AM
> To: Umapati Singh
> Cc: address@hidden
> Subject: Re: help with gssapi smtp auth
>
>
> "Umapati Singh" <address@hidden> writes:
>
>> Hi all,
>>
>> I am trying to obtain STMP AUTH using the gssapi mechanism.  Can anyone
>> please provide me with a sample/screesnshot for  a gssapi session so that
>> i could know what messages and in what order do they need to be passed.
>
> Hi!  Below is the output from GNU SASL connecting to a SMTP server,
> upgrading the connection to TLS (using GnuTLS) and authenticating
> using the Kerberos V5 implementation in GNU Shishi via GNU GSS.  I
> think the SMTP server is Sendmail linked to Heimdal.
>
> Other GSS-API implementations, such as MIT Kerberos, Heimdal or Sun's,
> should work too.
>
> Hope this helps,
> Simon
>
> PS.  The 'libshishi' warning below is because the server is using
> buggy Kerberos V5 libraries.
>
> address@hidden:~$ gsasl --smtp smtp.nada.kth.se
> Trying `smtp.nada.kth.se'...
> 220 smtp.nada.kth.se ESMTP Sendmail 8.12.11/8.12.11; Thu, 15 Dec 2005
> 10:35:07 +0100 (MET)
> EHLO [127.0.0.1]
> 250-smtp.nada.kth.se Hello h14n1c1o1033.bredband.skanova.com
> [81.225.104.14], pleased to meet you
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-AUTH GSSAPI
> 250-STARTTLS
> 250-DELIVERBY
> 250 HELP
> STARTTLS
> 220 2.0.0 Ready to start TLS
> EHLO [127.0.0.1]
> 250-smtp.nada.kth.se Hello h14n1c1o1033.bredband.skanova.com
> [81.225.104.14], pleased to meet you
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-AUTH GSSAPI PLAIN
> 250-DELIVERBY
> 250 HELP
> AUTH GSSAPI
> 334
> libshishi: warning: KDC bug: Reply encrypted using wrong key.
> YIICEQYJKoZIhvcSAQICAQBuggIAMIIB/KADAgEFoQMCAQ6iBwMFACAAAACjggETYYIBDzCCAQug
> AwIBBaENGwtOQURBLktUSC5TRaIjMCGgAwIBAaEaMBgbBHNtdHAbEHNtdHAubmFkYS5rdGguc2Wj
> gc8wgcygAwIBEKEDAgEJooG/BIG8msq2xygko4Lv0Agu5pW6SEundUbFK5swuopukvx9kTidWULb
> /Ab490wQbtnKx3lmM3BFvNFvuUyD3zvh9PHggwz7T7eZYSCDaovIL/QZ0ismF3lZejZBSwBhgLDA
> DQuk4nZHbbeoU9Lk+1jzsMJguNh6Ot3G6o8WLqFZoe8pi3NuxzSdjutjg3O9s/fasuSB9T85bq6o
> IMWGr5HHRNBNUF4x11tK3ytpsVoMNpKng3d4bY8tLgnxxLCmREakgc8wgcygAwIBEKEDAgEBooG/
> BIG8SPCDQwKGzJfZGg+MgqQquBiGBXA2uy/08gPE19vuTBP7XyL2H4EaVqtl71MeVxExbat/CNAK
> 3dMXkNqR6VHxZqb+ky8MYMDo452Z1sN6BfIsKcsy2BcYTwFJMtgdn21vTWVHtMPH3wtXPuPFGn3j
> igjsXiAyytXi1Y4p4Tni+ox5ndlZuqBJGeThVxyZIpCEI+5rWflxDIYVa/8CAcRUPQqoDpQIs5zk
> wfoPQtTdfRLdph5VxQ79N9PnvnQ=
> 334
> YGwGCSqGSIb3EgECAgIAb10wW6ADAgEFoQMCAQ+iTzBNoAMCARCiRgRE2FBXYUbT0MVIicgLYE/F
> Ky6CcrvfQxZaoxyt05qqxJBL13kqneza/TKe5i0mjsN0Nc90KW/l4rL0eQ76vWMenaE1Lw8=
>
> 334
> YD8GCSqGSIb3EgECAgIBBAD/////IGqNk7Rz3+kPdzT9oYPRWnQi/ESL0p3EeQ2yNLWArrmdOzxp
> BwAgAAQEBAQ=
> Using system username `jas' as authentication identity.
> YD8GCSqGSIb3EgECAgIBBAD/////JhNtx+GhzYe54NY92BltbUHD6i02upmatfXUnIGrBR5vT5yu
> AQAgAGphcwE=
> 235 2.0.0 OK Authenticated
> Client authentication finished (server trusted)...
> Enter application data (EOF to finish):
> quit
> 221 2.0.0 smtp.nada.kth.se closing connection
> Session finished...
> QUIT
> address@hidden:~$

[Prev in Thread]

Current Thread

[Next in Thread]

help with gssapi smtp auth, Umapati Singh, 2005/12/15
- Re: help with gssapi smtp auth, Martin Lambers, 2005/12/15
- Re: help with gssapi smtp auth, Simon Josefsson, 2005/12/15
  - RE: help with gssapi smtp auth, Umapati Singh, 2005/12/15
    - Re: help with gssapi smtp auth, Simon Josefsson <=
- Re: help with gssapi smtp auth, Simon Josefsson, 2005/12/15
  - RE: help with gssapi smtp auth, Umapati Singh, 2005/12/15
    - Re: help with gssapi smtp auth, Simon Josefsson, 2005/12/15
    - RE: help with gssapi smtp auth, Umapati Singh, 2005/12/15
    - Re: help with gssapi smtp auth, Simon Josefsson, 2005/12/15
    - RE: help with gssapi smtp auth, Umapati Singh, 2005/12/15
    - Re: help with gssapi smtp auth, Simon Josefsson, 2005/12/15
    - RE: help with gssapi smtp auth, Umapati Singh, 2005/12/15
    - Re: help with gssapi smtp auth, Simon Josefsson, 2005/12/16
    - RE: help with gssapi smtp auth, Umapati Singh, 2005/12/15

Prev by Date: Re: help with gssapi smtp auth
Next by Date: RE: help with gssapi smtp auth
Previous by thread: RE: help with gssapi smtp auth
Next by thread: Re: help with gssapi smtp auth
Index(es):
- Date
- Thread