Re: [exim] Testing needed: heimdal_gssapi authenticator

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMPhil Pennock at <-
M 
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: exim-users, exim-dev
Subject: Re: [exim] Testing needed: heimdal_gssapi authenticator
On 2012-03-20 at 21:52 -0700, Phil Pennock wrote:
> So: with no usercode filled in, Apple Mail does not set an authzid for
> the request; it's not clear to me if this is allowed by RFC 4752, but I
> will change Exim to support it and just dup the authen id to authzid for
> that case (and only commit that if it's clear that this is sufficient to
> fix).

That was sufficient to fix. Committed to master and pushed to main
repo.

Exim's heimdal_gssapi now works with Apple Mail using IPv6/TLS/GSSAPI to
connect, as long as:

* the usercode field is left empty; or
* the usercode field is not fully qualified

Fully qualifying the usercode to include a realm in Apple Mail leads to
buggy behaviour by the client which Exim can't work around.


My previous testing was with mutt, which doesn't trigger authentication
unless there's a user in the smtp_url, so there's *always* an authzid
from mutt.

-Phil

This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-Re: [exim] GNU SASL gsasl integration into EximRe: [exim-dev] [exim] GNU SASL gsasl integration into Exim->
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] GNU SASL gsasl integration into Exim[exim] Help with empty sender_domains being rejected when checking a domains whitelist file->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)