On Fri, 2012-03-02 at 00:57 +1300, Mark Davies wrote:
On 03/02/12 00:52, Timo Sirainen wrote:
so what bit of the code should I be looking at to see what happens between the "security context state completed" and the "client out"?
All of the code is in mech-gssapi.c
Yes, I'm just trying to work out the flow of the calls in and out of there.
The problem is that that mech_gssapi_sec_context() calls gss_accept_sec_context(), which is supposed to return some output in output_token, but it doesn't. So I don't think there's anything in Dovecot code that is helpful in debugging this. You'd have to look into the GSSAPI/Kerbereros libraries.
Are these working vs. non-working Dovecots in same or different servers?
All the working and non working connections are against a single dovecot instance, just using different clients.
Oh. So GSSAPI in general is working, just not with kmail. I think if you downgraded to Dovecot v2.0 in your current system it would fail as well. The difference between your previously working system and currently working system is the GSSAPI/Kerberos libraries.