Re: [PATCH] GSSAPI single sign-on for SMTP, POP3



Hi Albrecht:

On 04/25/2017 01:43:04 PM Tue, Albrecht Dreß wrote:
> Hi all,
>
> a while ago a user requested GSSAPI (Kerberos v5 single sign-on, RFC 4752)
> authentication for SMTP.  The attached patch implements it for both SMTP
> and POP3 in addition to IMAP, i.e. with this patch, Balsa now offers SSO
> for /all/ server connections.
>
> Basically, I added a few helper functions to libnetclient, which are used
> in the specific authentication methods.  As the GSSAPI tokens can be /very/
> long, the maximum line length for SMTP needs to be enhanced.  This also
> revealed a bug in the net-client.c function net_client_vwrite_line() which
> used a too short fixed-length buffer (replaced by a GString).
>
> As single sign-on requires only the user name, but not a password, I had to
> extend the auth signal handler with an indication whether the password is
> needed or not.
>
> Unfortunately, I can not write "simple" unit tests as my test "server"
> (INetSim) does not support GSSAPI.  For testing, I installed a Debian VM
> with Samba4 (which is so nice to configure Kerberos appropriately for me,
> which otherwise is a real PITA!) plus postfix and dovecot exclusively
> supporting GSSAPI authentication.  Afaict, this implementation works just
> fine there.  However, some more testing with "real world" setups would be
> highly appreciated.
>
> As always, any comment will be welcome!

Many thanks for the patch!

It builds and runs for me, but I have no way of testing GSSAPI authentication, so I've pushed it to master to 
allow wider testing.

Peter
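
The fixed-length buffer problem mentioned in the quoted message, sketched as an added example (not Balsa's code and not part of this thread): the function names, the 1024-byte buffer size and the 4000-character token are assumptions made for illustration. It shows a formatted line being silently truncated by a fixed buffer, and the same line built intact when the allocation is sized first, which is what replacing the buffer with a GString achieves.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_LINE_MAX 1024 /* assumed size, not Balsa's actual value */

/* "Before": vsnprintf() truncates silently; a long token loses tail and CRLF. */
static char *format_line_fixed(const char *fmt, ...)
{
    char buf[FIXED_LINE_MAX], *out;
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap); /* return value ignored */
    va_end(ap);
    if ((out = malloc(strlen(buf) + 1)) != NULL) strcpy(out, buf);
    return out;
}

/* "After": measure the formatted length first, then allocate exactly that. */
static char *format_line_dynamic(const char *fmt, ...)
{
    va_list ap, ap2;
    char *line;
    int need;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    need = vsnprintf(NULL, 0, fmt, ap); /* length without the NUL */
    va_end(ap);
    line = need < 0 ? NULL : malloc((size_t)need + 1);
    if (line != NULL) vsnprintf(line, (size_t)need + 1, fmt, ap2);
    va_end(ap2);
    return line;
}

/* Constructed stand-in for a base64 GSSAPI token of n characters. */
static char *make_token(size_t n)
{
    char *t = malloc(n + 1);
    if (t != NULL) { memset(t, 'A', n); t[n] = '\0'; }
    return t;
}

int main(void)
{
    char *tok = make_token(4000);
    char *a = tok ? format_line_fixed("%s\r\n", tok) : NULL;
    char *b = tok ? format_line_dynamic("%s\r\n", tok) : NULL;
    if (a && b) printf("fixed: %zu bytes, dynamic: %zu bytes\n", strlen(a), strlen(b));
    free(tok); free(a); free(b);
    return 0;
}
```

A server receiving the truncated line never sees the CRLF terminator, so the authentication exchange stalls or fails instead of completing.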

