Re: [pysieved] Authentication problem

[Neale Pickett <neale at woozle dot org>]

Matthias,

Implementing GSSAPI would require some major work, the only
authentication mechanism supported is PLAIN (since it was easiest to
implement).  GSSAPI--I think--requires a whole conversation back and
forth, in order to establish server credentials, issue a challenge, etc.
I think for this sort of thing you ought to try Stephan Bosch's patch.

If you like you could hack GSSAPI into pysieved, or contract some other
programmer to do it.  I'd be happy to merge in a patch if it keeps with
the design of pysieved.

You're right about logging, of course.  The infrastructure is finally in
place to do proper logging, I just haven't added it to anything yet.
You're right that 1.0 shouldn't be released until there's better
logging.

> I've also tried to do authentication via PAM (via pam_krb5.so). My 
> dovecot server is configured to support that anyway, so I just told 
> pysieved to use dovecot's PAM configuration, but when I try to access 
> the scripts via kmail, it tells me that my user name and/or password 
> aren't correct (needless to say they are correct, since kmail is able 
> to fetch my mails with them). 

This is an interesting situation.  I don't know how the PAM kerberos
module works but I'm not surprised to hear that it's goofy with
pysieved: the pam authentication module was only designed for simple
challenge/response, and I'd be shocked if it worked for more complicated
things like GSSAPI or biometric scans.

Neale