Re: [exim] Testing needed: heimdal_gssapi authenticator

Top Page

Reply to this message
Author: Phil Pennock
Date:  
To: exim-users, exim-dev
Subject: Re: [exim] Testing needed: heimdal_gssapi authenticator
On 2012-03-20 at 21:52 -0700, Phil Pennock wrote:
> So: with no usercode filled in, Apple Mail does not set an authzid for
> the request; it's not clear to me if this is allowed by RFC 4752, but I
> will change Exim to support it and just dup the authen id to authzid for
> that case (and only commit that if it's clear that this is sufficient to
> fix).


That was sufficient to fix. Committed to master and pushed to main
repo.

Exim's heimdal_gssapi now works with Apple Mail using IPv6/TLS/GSSAPI to
connect, as long as:

* the usercode field is left empty; or
* the usercode field is not fully qualified

Fully qualifying the usercode to include a realm in Apple Mail leads to
buggy behaviour by the client which Exim can't work around.


My previous testing was with mutt, which doesn't trigger authentication
unless there's a user in the smtp_url, so there's *always* an authzid
from mutt.

-Phil