2

I'm trying to send emails using MSMTP with NTLM or GSSAPI authentication. This works fine using the NTLM authentication, but fails while using the GSSAPI.

msmtp --version

Output

msmtp version 1.6.6
Platform: x86_64-pc-linux-gnu
TLS/SSL library: GnuTLS
Authentication library: GNU SASL
Supported authentication methods:
plain scram-sha-1 external gssapi cram-md5 digest-md5 login ntlm
IDN support: enabled
NLS: enabled, LOCALEDIR is /usr/share/locale
Keyring support: none
System configuration file name: /etc/msmtprc
User configuration file name: /home/XXXX/.msmtprc

Command used for sending email

printf "Subject: Using GSSAPI\n\nTest message 1 using GSSAPI." | msmtp userid@somedomain.name

Error message

msmtp: GNU SASL: GSSAPI error in client while negotiating security context in gss_init_sec_context() in SASL library.  This is most likely due insufficient credentials or malicious interactions.
msmtp: could not send mail (account default from /etc/msmtprc)

System configuration file

auth gssapi
timeout 10
tls on
#tls_trust_file /etc/ssl/certs/ca-certificates.crt
tls_certcheck off
logfile /var/log/xxxx/msmtp.log
host <<hostname>>
port 587
from username@somedomain.name
user username@somedomain.name
password <<password>>

Wanting to know if I'm missing any configuration steps/commands or implementing something wrong. Any kind help is highly appreciated. Thanks in advance.

VikramV
  • 1,111
  • 2
  • 13
  • 31

1 Answers1

1

SASL will delegate to MIT Kerberos/Heimdal. You need to do a kinit first. Do export KRB5_TRACE=/dev/stderr and you'll see what MIT Kerberos does.

Michael-O
  • 18,123
  • 6
  • 55
  • 121
  • 1
    Do I need to have Heimdal on my system? Apologies for asking this naive question, I'm a newbie here with MSMTP GSSAPI authentication. – VikramV Dec 10 '19 at 14:59
  • 1
    @VikramV No, MIT Kerberos. As far as I know, `KRB5_TRACE` works for MIT Kerberos only. Check with your OS what is used by GNU SASL. – Michael-O Dec 10 '19 at 21:22