In pop3-login/client-authenticate.c, when sasl_server_auth_begin() is
called, it does so with the service name of "POP3". GSSAPI uses this
service name when obtaining its service credentials. The problem is
that according to http://www.iana.org/assignments/gssapi-service-names ,
the service name should instead be simply "pop". This causes GSSAPI
authentication to fail when used with a POP3 account.
I have created a small patch that corrects this problem for GSSAPI only,
as I do not know if other mechanisms are affected by this.
--Tim Steiner
----------------------------START PATCH----------------------------
diff -ruN dovecot-1.0.beta8/src/auth/mech-gssapi.c
dovecot-1.0.beta8.new/src/auth/mech-gssapi.c
--- dovecot-1.0.beta8/src/auth/mech-gssapi.c 2006-09-18 17:35:02.000000000
-0500
+++ dovecot-1.0.beta8.new/src/auth/mech-gssapi.c 2006-09-18
17:37:46.000000000 -0500
@@ -101,7 +101,11 @@
gss_name_t gss_principal;
principal_name = t_str_new(128);
- str_append(principal_name, t_str_lcase(request->service));
+ if(strcmp(request->service, "POP3") == 0) {
+ str_append(principal_name, "pop");
+ } else {
+ str_append(principal_name, t_str_lcase(request->service));
+ }
str_append_c(principal_name, '@');
str_append(principal_name, my_hostname);
-----------------------------END PATCH-----------------------------