On 2012-03-20 at 21:52 -0700, Phil Pennock wrote:
> So: with no usercode filled in, Apple Mail does not set an authzid for
> the request; it's not clear to me if this is allowed by RFC 4752, but I
> will change Exim to support it and just dup the authen id to authzid for
> that case (and only commit that if it's clear that this is sufficient to
> fix).

That was sufficient to fix. Committed to master and pushed to main
repo.

Exim's heimdal_gssapi now works with Apple Mail using IPv6/TLS/GSSAPI to
connect, as long as:

* the usercode field is left empty; or
* the usercode field is not fully qualified

Fully qualifying the usercode to include a realm in Apple Mail leads to
buggy behaviour by the client which Exim can't work around.

My previous testing was with mutt, which doesn't trigger authentication
unless there's a user in the smtp_url, so there's *always* an authzid
from mutt.
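
The fallback described in this message, as an added example that is not part of the original post and is not Exim's code: a server-side parse of the client's final GSSAPI SASL message after unwrapping (RFC 4752 section 3.1: one security-layer octet, three maximum-size octets, then an optional authzid), copying the authentication identity when the authzid is empty. The names `parse_gss_final` and `struct gss_final`, the 256-byte limit and the sample identity are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct gss_final {
    uint8_t  layer;        /* security-layer bitmask chosen by the client */
    uint32_t max_size;     /* client's max receive size, 3 octets, network order */
    char     authzid[256]; /* effective authorization identity */
    int      defaulted;    /* 1 when authzid was copied from the authn id */
};

/* msg/len: payload after GSS unwrap. authn_id: name derived from the
 * client's Kerberos credentials. Returns 0 on success, -1 if malformed. */
int parse_gss_final(const uint8_t *msg, size_t len,
                    const char *authn_id, struct gss_final *out)
{
    if (len < 4)
        return -1;                        /* bitmask + 3 size octets required */
    size_t zlen = len - 4;
    if (zlen >= sizeof out->authzid || memchr(msg + 4, '\0', zlen))
        return -1;                        /* too long, or embedded NUL */
    out->layer = msg[0];
    out->max_size = ((uint32_t)msg[1] << 16) | ((uint32_t)msg[2] << 8) | msg[3];
    out->defaulted = (zlen == 0);
    if (out->defaulted) {
        /* Client sent no authzid: act as the authenticated identity. */
        if (strlen(authn_id) >= sizeof out->authzid)
            return -1;
        strcpy(out->authzid, authn_id);
    } else {
        memcpy(out->authzid, msg + 4, zlen);
        out->authzid[zlen] = '\0';
    }
    /* Caller must still check that authn_id may act as out->authzid. */
    return 0;
}

int main(void)
{
    /* Constructed sample: no security layer (0x01), size 0, no authzid. */
    const uint8_t empty[] = { 0x01, 0x00, 0x00, 0x00 };
    struct gss_final r;
    if (parse_gss_final(empty, sizeof empty, "alice@EXAMPLE.ORG", &r) == 0)
        printf("authzid=%s defaulted=%d\n", r.authzid, r.defaulted);
    return 0;
}
```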