In pop3-login/client-authenticate.c, when sasl_server_auth_begin() is called, it does so with the service name of "POP3". GSSAPI uses this service name when obtaining its service credentials. The problem is that according to http://www.iana.org/assignments/gssapi-service-names , the service name should instead be simply "pop". This causes GSSAPI authentication to fail when used with a POP3 account. I have created a small patch that corrects this problem for GSSAPI only, as I do not know if other mechanisms are affected by this. --Tim Steiner ----------------------------START PATCH---------------------------- diff -ruN dovecot-1.0.beta8/src/auth/mech-gssapi.c dovecot-1.0.beta8.new/src/auth/mech-gssapi.c --- dovecot-1.0.beta8/src/auth/mech-gssapi.c 2006-09-18 17:35:02.000000000 -0500 +++ dovecot-1.0.beta8.new/src/auth/mech-gssapi.c 2006-09-18 17:37:46.000000000 -0500 @@ -101,7 +101,11 @@ gss_name_t gss_principal; principal_name = t_str_new(128); - str_append(principal_name, t_str_lcase(request->service)); + if(strcmp(request->service, "POP3") == 0) { + str_append(principal_name, "pop"); + } else { + str_append(principal_name, t_str_lcase(request->service)); + } str_append_c(principal_name, '@'); str_append(principal_name, my_hostname); -----------------------------END PATCH-----------------------------