On Wed, Apr 30, 2025 at 08:30:16PM +0300, Aki Tuomi via dovecot wrote:
> GSSAPI is one of these pretty opaque protocols. Since it works with mutt, and
> does not work with gsasl, it could be something with gsasl.
>
> I can only see one change in mech-gssapi, we use mech_gssapi_krb5_userok()
> always. Also we have added support for final response processing, which was
> missing in 2.3.21.1.
>
I've traced the issue to commit 1486c30 ("auth: Add support for channel
binding"). With this commit reverted (along with 848cceb25c2 ("auth:
mech-scram - Implement SCRAM-SHA-1-PLUS and SCRAM-SHA-256-PLUS"), which
depends on it but isn't related to gssapi handling), authentication
from gsasl is again possible.

I haven't looked deeply into exactly what in this commit is causing the
regression yet.

https://github.com/dovecot/core/commit/1486c30e191
https://github.com/dovecot/core/commit/848cceb25c2

noah