search for: 023868

...splay these two values in human-readable format to illustrate the issue. Because these two GSS names differ, Dovecot refuses to allow access in spite of the fact that krb5_kuserok would return TRUE. I am not the only one to have noticed this problem: http://dovecot.org/pipermail/dovecot/2007-July/023868.html http://dovecot.org/pipermail/dovecot/2007-October/026027.html Might I suggest that some more robust security checking be done instead of abusing gss_compare_name like this? I don't know how to do this using GSSAPI, but on the Kerberos side Heimdal provides the function krb5_kuserok. Dov...