394043 - Wrong message if GSSAPI fails and is the only mechanism available

Status: RESOLVED INCOMPLETE

(MailNews Core :: Networking: SMTP, defect)

Description

[Christian Eyrich]

Continuation from bug 311657, comment 63 and following.

In case GSSAPI fails once it's never retried (deliberately) and switched off. But if it's the only (secure) mechanism available, nsSmtpProtocol::ProcessAuth() thinks there's no mechanism available at all and gives a wrong error (NS_ERROR_COULD_NOT_LOGIN_TO_SMTP_SERVER_SECAUTH).

I don't know if it's right not to retry GSSAPI if failed once. Normally the reshowing password prompt is our sign  to the user that something went wrong. Even if we fix the wrong error message we'd have to display a new message to be set up.

Comment 1

[Simon Wilkinson]

When the GSSAPI implementation was original written, it was enabled in "stealth" mode - that is, if the user had GSSAPI credentials, and the server supported GSSAPI authentication, then we'd do GSSAPI. Otherwise, GSSAPI would silently fail and we'd continue as normal. The huge number of servers that incorrectly offer GSSAPI means that this is the only way to do this without introducing new-UI to allow the user to request GSSAPI.

I'm working on building some new UI to replace the 'Use secure authentication" option, which will explicitly offer the chance to use (or not) GSSAPI. Once that's in place, it should be possible to make the error reporting from the GSSAPI code far more explicit.

Comment 2

[David :Bienvenu]

wanted very much, but not blocking

Comment 3

[Wayne Mery (:wsmwk)]

Version 91 has all new smtp backend code. If you can still reproduce this issue, please file a new bug report https://bugzilla.mozilla.org/enter_bug.cgi?product=MailNews%20Core&component=Networking%3A%20SMTP