[Patch] SMTP, POP: fall back to auth w/ password if GSS failed



Hi all,

attached is a patch which addresses the following issue:
- the POP or SMTP server advertises Kerberos (GSSAPI) authentication, and Balsa is built w/ GSS support
- user does not have a Kerberos ticket (but a password)
- GSS auth fails, and Balsa stops authentication.

This /might/ be the issue detected by John Jack Doe recently.

With the patch, if GSS is supported and available, Balsa will first emit the signal to get the user name, but 
not the password, and try GSS authentication.

If the GSS authentication fails, the signal is emitted again, but now /with/ requesting the password, and the 
most secure of the other auth methods is tried.

This avoids the situation outlined above, whilst avoiding unnecessary password requests.

Opinions?

Best,
Albrecht.
---
Patch details:
- libnetclient/net-client-pop.c, libnetclient/net-client-smtp.c: retry auth with password if GSS auth failed; 
small performance improvement checking the various auth methods
- libnetclient/net-client-utils.c: print more (internal) debug info about failed GSS operations, fix nit-picks

Attachment: gss-auth-fallback.diff.bz2
Description: application/bzip

Attachment: pgpifhznETk_K.pgp
Description: PGP signature



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]