Closed
Bug 556211
Opened 14 years ago
Closed 14 years ago
GSSAPI authentication failure, bad principal tried
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 530319
People
(Reporter: harri, Unassigned)
Details
Attachments
(2 files)
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.2) Gecko/20100324 Firefox/3.6.2 Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100330 Thunderbird/3.0.4 When I try to connect to my imap server "mailhost.afaics.de" TB gives me an error message claiming that mailhost doesn't support secure authentication. The KDC log file says "Server not found in Kerberos database", but looking closely it seems that Thunderbird tried to access a service "imap/p57bd359a.dip.t-dialin.net@AFAICS.DE". This is surely not correct. There is no host p57bd359a.dip.t-dialin.net in my realm. Other principals , esp. imap/mailhost.afaics.de@AFAICS.DE" were not tried. The "p57bd359a.dip.t-dialin.net" looks like the DNS host name of my external ADSL connection (even though the current IP address on the ADSL line doesn't match). My router does NAT and port forwarding to my mailhost, i.e. incoming EMails are forwarded on IP level to my mailhost. That might be a way how the external IP address comes into the game. ktutil on the imap server shows that the correct service principals have been registered in /etc/krb5.keytab. The principals are known on the Kerberos server, too. This bug breaks authentication. Please set the priority accordingly. A patch would be highly appreciated. Of course I would be glad to help to track this down. Reproducible: Always
Reporter | ||
Comment 1•14 years ago
|
||
Comment 2•14 years ago
|
||
Thanks for the log. Could you also provide an imap log as described at https://wiki.mozilla.org/MailNews:Logging ?
Component: General → Security
QA Contact: general → thunderbird
Reporter | ||
Comment 3•14 years ago
|
||
Reporter | ||
Comment 4•14 years ago
|
||
Attached. AFAICS it still tries the old "darkharri.dyndns.org". I _did_ change the host name some time ago, i.e. this report seems to be a dup of #530319. Would you agree to this?
Comment 5•14 years ago
|
||
(In reply to comment #4) > Attached. AFAICS it still tries the old "darkharri.dyndns.org". I _did_ change > the host name some time ago, i.e. this report seems to be a dup of #530319. > Would you agree to this? It looks like it yes. marking it as such.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•