On Thu, Nov 13, 2003 at 09:09:00AM -0800, Globe Trotter wrote: > OK, so if I go for kerberos 5, how do I need to modify it? The server accepts > both 5 as well as 4. Best thing is to find out what the server supports for authentication. To do that for a POP3 server, use netcat to connect to the port and issue the CAPA command: nc popserver.example.com pop3 > +OK POP3 blahblahblah ready CAPA > +OK Here you go: > STLS > USER > SASL GSSAPI LOGIN QUIT > +OK luvyoubuhbye The important part is the SASL capability, which lists the SASL methods which the server supports. If you see GSSAPI listed, change "proto KPOP auth kerberos_v4" to "proto POP auth gssapi", of if you see KERBEROS_V5, try "proto POP auth kerberos_v5". If it's an IMAP server, the commands you'll want to send will look more like this: nc imapserver.example.com imap > * OK [CAPABILITY] IMAP blahblahblah 0001 CAPABILITY > * CAPABILITY STARTTLS AUTH=GSSAPI AUTH=LOGIN > 0001 OK CAPABILITY completed 0002 LOGOUT > * luvyoubuhbye > 0002 OK LOGOUT completed and you'll want to look for AUTH= capabilities. This, more or less, is what most mail clients (including fetchmail) will do. HTH, Nalin
