GNOME Bugzilla – Bug 105050
Cannot connect to servers requiring secure password authentication.
Last modified: 2011-12-03 17:49:19 UTC
From my reading of the available documentation, PAN supports logon to news servers using the MS Secure Password Authentication (SPA) protocol. I cannot find any preference settings to specifically indicate that PAN should use SPA on a given server. When I logon to the server, I receive the following error messages in the log: Sun, 02 Feb 2003 10:07:25 - Pan 0.13.3 Started Sun, 02 Feb 2003 10:07:25 - Directory "/home/rhouse/.pan/messages/cache" contains 0.0 MB in 0 files Sun, 02 Feb 2003 10:07:25 - Directory "/home/rhouse/.pan/messages/folders/pan.sent" contains 0.0 MB in 0 files Sun, 02 Feb 2003 10:07:25 - Directory "/home/rhouse/.pan/messages/folders/pan.sendlater" contains 0.0 MB in 0 files Sun, 02 Feb 2003 10:07:25 - News server connection count: 0 Sun, 02 Feb 2003 10:07:32 - New connection 0x82166b0 for graduate2.uophx.edu, port 119, sockfd 8 Sun, 02 Feb 2003 10:07:32 - Handshake: 200 Microsoft Exchange Internet News Service Version 5.5.2656.14 (posting allowed) Sun, 02 Feb 2003 10:07:35 - Authentication failed: 502 no permission Sun, 02 Feb 2003 10:07:35 - Lost connection to server Sun, 02 Feb 2003 10:07:35 - Authentication failed: 502 no permission Sun, 02 Feb 2003 10:07:35 - Connect Failure Sun, 02 Feb 2003 10:07:36 - New connection 0x829cb38 for graduate2.uophx.edu, port 119, sockfd 8 Sun, 02 Feb 2003 10:07:36 - Handshake: 200 Microsoft Exchange Internet News Service Version 5.5.2656.14 (posting allowed) Sun, 02 Feb 2003 10:07:39 - Authentication failed: 502 no permission Sun, 02 Feb 2003 10:07:39 - Lost connection to server Sun, 02 Feb 2003 10:07:39 - Authentication failed: 502 no permission Sun, 02 Feb 2003 10:07:39 - Connect Failure
I suspect that newsserver uses a version of SPA that we don't support. Could you run 'pan --debug-sockets' and post the output as an attachment? http://bugzilla.gnome.org/createattachment.cgi?id=105050
Created attachment 15606 [details] Output of pan --debug -sockets
Christophe - attached the file as requested. My apologies for taking so long in generating it. Just to clarify once again - I haven't ever seen any preference in PAN where I can set it to use SPA, so I'm assuming that it auto-detects it when challenged. But if that's NOT the case, then perhaps my problem is that I'm just missing where the setting is. Let me know if it's pilot error and I'll give it another whirl. Many Thanks!
Background info: that server appears to respond differently than what the author of the SPA considered normal behaviour: > AUTHINFO USER <username> < 381 more authentication required > AUTHINFO PASS <password> < 502 no permission whereas the SPA functionality expects this: > AUTHINFO USER <username> < 502 no permission > AUTHINFO GENERIC < MSN (followed by the SPA MSN login) The reason for not immediately sending the 'AUTHINFO GENERIC' is that some servers drop the connection when they receive this. Robert: is this a local server, or can I connect to it directly?
Of course, I meant to say 'the author of Pan's SPA patch'.
This is a server run by the University of Phoenix. It uses newsgroups as a virtual classroom. While you can connect directly, you need to have a student account to actually sign in, and I'm not permitted to give mine out. If it helps at all, I do know that it's a Microsoft Exchange server running NNTP. If there's any other testing or info that I might be able to provide, I'm happy to do it.
Well, I wasn't really after your account/password, just the server's IP address. :) If this is a private server, then I can try finding some other SPA server.
Didn't mean to accuse you of looking for a uid/pwd combo. Just thought you might need that type of access to be able to do meaningful debug. :-) It's a public server, IP Address 204.17.24.33.
Thanks, that helped. < 200 Microsoft Exchange Internet News Service Version 5.5.2656.14 (posting allowed) > AUTHINFO GENERIC < 281 authentication accepted < DPA <. So, this version only supports DPA. Unfortunately, Pan currently only supports MSN (both are SPA implementations). Flagging as an enhancement, since it would be nice to extend our support for SPA. (background info: http://www.microsoft.com/msj/defaultframe.asp? page=/msj/0497/msn20/msn20.htm&nav=/msj/0497/newnav.htm)
Christophe may be shy in asking, but I won't be -- one of the developers needs access to an SPA news server in able to test out any patches we make. Does anyone know of a public-access news server that supports SPA authentication, or is willing to share an account under a temporary password?
*** Bug 129685 has been marked as a duplicate of this bug. ***
I am trying to contact someone in UOP IT department to see if they will authorize a temporary account for testing purposes. I'm not sure how fast I can do this over the holidays but I will try. Can you give me an approximate time frame when the account will be needed?
Anytime over the last three years would've been fine. :)