On Fri, 2009-08-28 at 15:20 +1000, John Marshall wrote: > This morning I upgraded a dovecot installation from 1.1.16 to 1.2.4 on a > FreeBSD 7.2 server, and then spent 3 hours trying to figure out why > GSSAPI authentication had broken. > > It turned out to be a recent change in Dovecot's mech-gssapi.c to do > with checking for NULs in usernames: everything worked fine when I > disabled that test.
What exactly is the username? What does it say with the attached patch?
diff -r aaa1b2c25c14 src/auth/mech-gssapi.c
--- a/src/auth/mech-gssapi.c Fri Aug 28 12:57:03 2009 -0400
+++ b/src/auth/mech-gssapi.c Fri Aug 28 13:37:33 2009 -0400
@@ -516,7 +516,8 @@
if (data_has_nuls(name, name_len)) {
auth_request_log_info(auth_request, "gssapi",
- "authz_name has NULs");
+ "authz_name has NULs: %s",
+ binary_to_hex(name, name_len));
return -1;
}
signature.asc
Description: This is a digitally signed message part
