Closed Bug 332623 Opened 19 years ago Closed 18 years ago

Automatic email checking fails if using secure authentication

Categories

(Thunderbird :: Preferences, defect)

Product:
Thunderbird
Component:
Preferences
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 307788

People

(Reporter: matt.denton, Assigned: simon)

Details

User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1 Build Identifier: Thunderbird/1.5 (20051201) If using secure authentication, mail checks at startup and not again unless checked manually. The same account will check mail properly every X minutes if 'use secure authentication' is unchecked and thunderbird relaunched. I verified this previously with build 20051201 and again today with 3.0a1 (20060403). I double-checked in the config editor, that the setting for mail.server.server2.usesecauth does indeed change to true if the box is checked. Thunderbird does appear to otherwise be using the kerberos tickets properly for POP3 and for SMTP at startup and manual check/send, but I verified using Ethereal that it does not initialize the POP conversation if using secure authentication. Reproducible: Always Steps to Reproduce: 1.Set up new account, with mail set to check every X minutes 2.Check box for 'use secure auth' 3.Wait to see if mail checks after initial startup check Actual Results: Mail checks once at startup but not again Expected Results: Mail should have checked every X minutes The same account will check every X minutes if you uncheck the secure auth box and restart thunderbird. I've tried this on two different computers running OS X 10.4.5 with the same results. I verified using Ethereal that Thunderbird does not initialize the POP conversation if using secure authentication.
Related to/duplicate of bug 278227?
Might be related to 278227 -- except I don't believe Kerberos worked at all before v1.5, and the checking at initial startup does work (now), it's that it doesn't check after that except manually. Also Thunderbird doesn't prompt for a new ticket (Eudora will launch the Kerberos GUI if Kerberos is selected and the ticket is expired) if the ticket is expired, it just falls back to password, I don't know if that's a related issue or not.
This appears to be fixed in the 4/17/06 nightly build! Thanks to whoever worked on it, Tbird now not only checks at the proper interval with Kerberos, if the ticket has expired it prompts "Thunderbird requires that you type your Kerberos password" and gets a ticket. Bravo!
Secure auth bug still exists in Tbird 1.5.0.4 released today -- Tbird will check mail with Kerberos if krbtgt already exists but will not prompt for ticket if ticket is expired or non existent (eg, Tbird does not prompt for kinit) and then fails checking with error 'server does not understand secure authentication'. After ticket created manually Tbird will continue to check mail using secure auth until ticket expires.
Automatic checking using Secure Authentication in 1.5.04 only seems to work if a password is saved as well (eg the SASL/Kerb password), otherwise it only checks on manual checks. If a password is saved and you are using Secure Auth / Kerberos it will automatically check but will not prompt for a new ticket if the ticket has expired.
Firstly, to clarify. Current Thunderbird 1.5 releases do not support automatically getting Kerberos tickets as they are required. Bug #307788 contains a fix for this which has been applied to the trunk, but not yet back ported to the branch. There was no Kerberos support in Thunderbird versions prior to 1.5 I'm not sure I understand the bug you are seeing. Is it just that Kerberos tickets aren't being acquired/renewed when they should be, or are you seeing a failure to automatically fetch mail from the server, when Kerberos tickets are definitely available?
Assignee: mscott → simon
Simon - that is exactly right, I am seeing a failure to automatically fetch mail from the server, when Kerberos tickets are definitely available. If I set the same account to check using password it checks automatically; if I change it back after setting it to use a valid password it will check automatically (though I can't tell if it's using the password or not at that point). But without entering the password, it won't check automatically after startup even with a valid ticket. It does check at startup with a valid ticket, and then not again unless told to check mail manually.
(Simon?) where does this bug go from here? bug 278227 comment 9 sounds the same to me (eg close to this bug's comment 5).
FYI I'm on the nightly build download track, and this still persists in version version 2.0.0.7pre (20070910). My next suggestion may be beyond the scope of this bug but: now that Penelope is in development, one nice thing Eudora did was if Kerbero s (here Secure Authentication) was checked for authentication method, and a valid ticket was not found, Eudora called /System/Library/CoreServices/Kerberos.app to prompt the user to get a TGT. Thunderbird fails with a "Sending of Password did not succeeed" error and then prompts the user for a password. If Tbird/Penelope called /System/Library/CoreServices/Kerberos.app to prompt for a new TGT first, this failure to check automatically issue would be bypassed.
Prompting for credentials when credentials have expired is up to the Kerberos libraries, and not Thunderbird. As I noted in comment #6, bug #307788 details with the fact that until recently this behaviour was disabled in Thunderbird. This bug has been fixed on trunk for a while, and seems to have now been nominated for pull-up to the branch. I'm going to mark this bug as a duplicate of #307788. If there is a problem with automatic checking not working when Kerberos is in use, that's dealt with in bug #278227.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.