[Akonadi] [Bug 456022] New: sasl2-kdexoauth2 does not work when support packet for xoauth2 via postfix (sasl-xoauth2) is used

Freek de Kruijf bugzilla_noreply at kde.org
Mon Jun 27 10:43:59 BST 2022


https://bugs.kde.org/show_bug.cgi?id=456022

            Bug ID: 456022
           Summary: sasl2-kdexoauth2 does not work when support packet for
                    xoauth2 via postfix (sasl-xoauth2) is used
           Product: Akonadi
           Version: unspecified
          Platform: openSUSE RPMs
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: Gmail resource
          Assignee: dvratil at kde.org
          Reporter: freekdekruijf at kde.nl
                CC: kdepim-bugs at kde.org
  Target Milestone: ---

I have a workstation which uses KDE Kontact, but also has a postfix server,
mainly used as client. Since Google requires xoauth2 for sending email via
KMail and via postfix, postfix needs the packet sasl-xoauth2 which puts a
plugin in /usr/lib64/sasl2/ for supporting xoauth2 in postfix. There is also a
plugin kdexoauth2 which supports xoauth2 for e-mail send by KMail via
smtp.gmail.com using akonadi.

When the plugin from sasl-xoauth2 is present in /usr/lib64/sasl2/ I am unable
to send email from KMail via smtp.gmail.com. Removing the plugin restores the
KMail functionality.

Apparently the akonadi process to send email using authorization with xoauth2
does not use the plugin kdexoauth2, but more likely the plugin from
sasl-xoauth2, which fails.

"pluginviewer -c" with both plugins present shows:
Installed and properly configured SASL (client side) mechanisms are:
  GSS-SPNEGO GSSAPI DIGEST-MD5 EXTERNAL CRAM-MD5 XOAUTH2 XOAUTH2 PLAIN LOGIN
ANONYMOUS
Available SASL (client side) mechanisms matching your criteria are:
  GSS-SPNEGO GSSAPI DIGEST-MD5 EXTERNAL CRAM-MD5 XOAUTH2 XOAUTH2 PLAIN LOGIN
ANONYMOUS
List of client plugins follows
Plugin "gssapiv2" [loaded],     API version: 4
        SASL mechanism: GSS-SPNEGO, best SSF: 256
        security flags:
NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
        features:
WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN|SUPPORTS_HTTP
Plugin "gssapiv2" [loaded],     API version: 4
        SASL mechanism: GSSAPI, best SSF: 256
        security flags:
NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN
Plugin "digestmd5" [loaded],    API version: 4
        SASL mechanism: DIGEST-MD5, best SSF: 128
        security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
        features: PROXY_AUTHENTICATION|NEED_SERVER_FQDN|SUPPORTS_HTTP
Plugin "EXTERNAL" [loaded],     API version: 4
        SASL mechanism: EXTERNAL, best SSF: 0
        security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_DICTIONARY
        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "crammd5" [loaded],      API version: 4
        SASL mechanism: CRAM-MD5, best SSF: 0
        security flags: NO_ANONYMOUS|NO_PLAINTEXT
        features: SERVER_FIRST
Plugin "sasl-xoauth2" [loaded],         API version: 4
        SASL mechanism: XOAUTH2, best SSF: 60
        security flags: NO_ANONYMOUS|PASS_CREDENTIALS
        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "kdexoauth2" [loaded],   API version: 4
        SASL mechanism: XOAUTH2, best SSF: 0
        security flags: NO_ANONYMOUS|PASS_CREDENTIALS
        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "plain" [loaded],        API version: 4
        SASL mechanism: PLAIN, best SSF: 0
        security flags: NO_ANONYMOUS|PASS_CREDENTIALS
        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "login" [loaded],        API version: 4
        SASL mechanism: LOGIN, best SSF: 0
        security flags: NO_ANONYMOUS|PASS_CREDENTIALS
        features: SERVER_FIRST
Plugin "anonymous" [loaded],    API version: 4
        SASL mechanism: ANONYMOUS, best SSF: 0
        security flags: NO_PLAINTEXT
        features: WANT_CLIENT_FIRST

Note "sasl-xoauth2" shows an SSF of 60, which to my knowledge is a priority,
which differs from the SSF of "kdexoauth2", which is 0. From the information in
the packet sasl-xoauth2 this 60 is needed to make it work in postfix.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


More information about the Kdepim-bugs mailing list