[Dovecot] [PATCH] Support GSS-SPNEGO natively
Jason Gunthorpe
jgunthorpe at obsidianresearch.com
Tue Aug 12 20:04:55 EEST 2008
On Tue, Aug 12, 2008 at 10:27:40AM +0200, Angel Marin wrote:
> Jason Gunthorpe wrote:
> >I cooked this up while trying to figure out why thunderbird on Windows
> >w/ SSPI was not working, but it turned out thunderbird does not use
> >it, so I haven't been able to test it yet. I'm presenting it for
> >discussion only, unless someone else can try it :)
>
> thunderbird does all combinations of GSS auth w/ & w/o SSPI I've ever
> tried; it's just a pain to find the correct combination of
> network.negotiate-auth.* and network.auth.use-sspi settings for any
> given case :) (plus enabling secure auth for the TB account at test)
Really? I was looking through the source to TB and I can't find where
it would use AUTH=GSS-SPNEGO..
For instance in
mailnews/imap/src/nsImapServerResponseParser.cpp
Where it parses the CAPABILITY reply it only looks for AUTH=GSSAPI
Then when it goes to do the auth DoGSSAPIStep1 creates a sasl-gssapi
which creates either a kerb-gss or a kerb-sspi and both of those set
PACKAGE_KERBEROS to disable SPNEGO.
I've been assuming AUTH=GSS-SPNEGO is only used by outlook?
Jason
More information about the dovecot
mailing list