kerberized version of fetchmail? (corrected)
Nalin Dahyabhai
nalin at redhat.com
Thu Nov 13 17:35:18 UTC 2003
On Thu, Nov 13, 2003 at 09:09:00AM -0800, Globe Trotter wrote:
> OK, so if I go for kerberos 5, how do I need to modify it? The server accepts
> both 5 as well as 4.
Best thing is to find out what the server supports for authentication.
To do that for a POP3 server, use netcat to connect to the port and
issue the CAPA command:
nc popserver.example.com pop3
> +OK POP3 blahblahblah ready
CAPA
> +OK Here you go:
> STLS
> USER
> SASL GSSAPI LOGIN
QUIT
> +OK luvyoubuhbye
The important part is the SASL capability, which lists the SASL methods
which the server supports. If you see GSSAPI listed, change "proto KPOP
auth kerberos_v4" to "proto POP auth gssapi", of if you see KERBEROS_V5,
try "proto POP auth kerberos_v5".
If it's an IMAP server, the commands you'll want to send will look more
like this:
nc imapserver.example.com imap
> * OK [CAPABILITY] IMAP blahblahblah
0001 CAPABILITY
> * CAPABILITY STARTTLS AUTH=GSSAPI AUTH=LOGIN
> 0001 OK CAPABILITY completed
0002 LOGOUT
> * luvyoubuhbye
> 0002 OK LOGOUT completed
and you'll want to look for AUTH= capabilities. This, more or less, is
what most mail clients (including fetchmail) will do.
HTH,
Nalin
More information about the fedora-list
mailing list