On Fri, May 02, 2025 at 04:57:42AM +0200, Stephan Bosch wrote:
> I am having some difficulty setting up an environment to test this right
> now, but I think this should fix it:
>
> diff --git a/src/auth/mech-gssapi.c b/src/auth/mech-gssapi.c
> index 57a2b125b2..4ff5716528 100644
> --- a/src/auth/mech-gssapi.c
> +++ b/src/auth/mech-gssapi.c
> @@ -672,7 +672,7 @@ mech_gssapi_auth_initial(struct auth_request *request,
>
> if (data_size == 0) {
> /* The client should go first */
> - auth_request_handler_reply_continue(request, NULL, 0);
> + auth_request_handler_reply_continue(request,
> uchar_empty_ptr, 0);
> } else {
> mech_gssapi_auth_continue(request, data, data_size);
> }
>
Thank you, this does seem to fix the issue.
In case it helps, I've found the test script used by gsasl and
libgssglue to be quite useful for testing this functionality. It sets
up a minimal Kerberos realm, dovecot server, and GSSAPI IMAP client. A
version that works with dovecot 2.4 is available at
https://salsa.debian.org/noahm/libgssglue/-/blob/0504956891696208d412cceb9127616b7c1bb731/debian/tests/gsasl-dovecot-gssapi.sh
noah
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
