unofficial mirror of emacs-devel@gnu.org 
* Request for advice on GNUS internals. GSSAPI progress report
@ 2017-02-15  4:37 Elias Mårtenson
From: Elias Mårtenson @ 2017-02-15  4:37 UTC (permalink / raw)
  To: emacs-devel

I've now spent a few days figuring out how to do GSSAPI authentication with
IMAP, and I have now managed to complete a full handshake from GNUS with a
Microsoft Exchange server using GSSAPI.

Immediately after authentication is complete, the connection switches to
GSSAPI mode where each packet needs to pass through a call to ‘gss-unwrap’,
and the data sent to the server also needs to be split into packets which
are wrapped using a call to ‘gss-wrap’. The situation is further
complicated by the fact that the server can limit the maximum packet size
during initial handshake.

I need some advice from someone who is well-versed in the internals of GNUS
to explain where I should add the code to handle this.

At first I was looking at creating a new ‘nnimap-stream’ type to represent
this, but the connection is already inside a TLS connection which already
uses ‘ssl’ or ‘starttls’ here. The GSSAPI authentication is independent of
the actual connection type, but it wraps all the IMAP commands that are
transmitted over it.

What approach should I take here?

Regards,
Elias
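
The framing described in the message above, sketched as an added example that is not part of the original thread or of Gnus: per RFC 4422 section 3.7, each wrapped buffer travels behind a four-octet length field in network byte order. The `example-sasl-` names, the WRAP-FN/UNWRAP-FN callbacks (stand-ins for the GSSAPI wrap and unwrap calls) and the two size limits supplied by the caller are assumptions.

```elisp
;; Added example: SASL security-layer framing (RFC 4422, section 3.7).
;; WRAP-FN / UNWRAP-FN are hypothetical stand-ins for the GSSAPI calls.
;; All strings are assumed to be unibyte.

(defun example-sasl-frame (wrapped)
  "Prefix WRAPPED with its length as four octets in network byte order."
  (let ((n (length wrapped)))
    (concat (unibyte-string (logand (ash n -24) 255) (logand (ash n -16) 255)
                            (logand (ash n -8) 255) (logand n 255))
            wrapped)))

(defun example-sasl-encode (data chunk-size wrap-fn)
  "Split DATA into pieces of at most CHUNK-SIZE octets; wrap and frame each.
CHUNK-SIZE is the plaintext size that still fits the server's limit."
  (let ((pos 0) (out '()))
    (while (< pos (length data))
      (let ((end (min (length data) (+ pos chunk-size))))
        (push (example-sasl-frame (funcall wrap-fn (substring data pos end))) out)
        (setq pos end)))
    (apply #'concat (nreverse out))))

(defun example-sasl-decode (pending max-size unwrap-fn)
  "Unwrap every complete frame in PENDING, the octets received so far.
Return (PLAINTEXT . REST); REST is a partial frame to keep for the next
read.  Signal an error when a frame claims more than MAX-SIZE octets."
  (let ((pos 0) (out '()) (done nil))
    (while (and (not done) (>= (- (length pending) pos) 4))
      (let ((n (logior (ash (aref pending pos) 24)
                       (ash (aref pending (+ pos 1)) 16)
                       (ash (aref pending (+ pos 2)) 8)
                       (aref pending (+ pos 3)))))
        (when (> n max-size)
          (error "SASL frame of %d octets exceeds limit of %d" n max-size))
        (if (< (- (length pending) pos 4) n)
            (setq done t)               ; frame incomplete, wait for more
          (push (funcall unwrap-fn (substring pending (+ pos 4) (+ pos 4 n)))
                out)
          (setq pos (+ pos 4 n)))))
    (cons (apply #'concat (nreverse out)) (substring pending pos))))

;; Constructed demo: `identity' replaces wrap/unwrap, and the 21 octets on
;; the wire arrive in two reads that split the second frame's header.
(let* ((wire (example-sasl-encode "a1 NOOP\r\n" 4 #'identity))
       (part (example-sasl-decode (substring wire 0 10) 64 #'identity))
       (rest (example-sasl-decode (concat (cdr part) (substring wire 10))
                                  64 #'identity)))
  (concat (car part) (car rest)))
```

Checking the length field against the negotiated limit before buffering keeps a peer from making the client allocate an arbitrarily large frame.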

* Re: Request for advice on GNUS internals. GSSAPI progress report
@ 2017-02-16 15:42 Live System User
From: Live System User @ 2017-02-16 15:42 UTC (permalink / raw)
  To: Elias Mårtenson; +Cc: emacs-devel

Elias Mårtenson <lokedhs@gmail.com> writes:

> I am now able to read my email using a GSSAPI-authenticated connection.
>
> If anyone is willing to try it,

  I know that you are still testing but don't forget to remove your
  "message" statements in nnimap.el -- it prints out passwords.

  Not sure where it is but I believe Gnus has facilities to inhibit the
  display of passwords as well as only messaging when debugging is
  turned on (and at different loglevels).
  
  Also, can you consider handling the error when either module support
  is not enabled or the emacs-gssapi module is unavailable?

  Bonus points if the authenticator falls back to using the "gsasl" or
  "imtest" program, if configured:


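(defcustom gssapi-program (list
                           (concat "gsasl %s %p "
                                   "--mechanism GSSAPI "
                                   "--authentication-id %l")
                           "imtest -m gssapi -u %l -p %p %s")
  ;; The quoted excerpt stops after the default value; the docstring and
  ;; :type below only close the form so that it evaluates.
  "List of command strings to try for GSSAPI authentication."
  :type '(repeat string))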


  Thanks.


