On Tue, 28 Jun 2005, Erik wrote:
One question I have is, why does the process default to using GSSAPI
when a username and pw is provided?
There is no such thing as "providing a password" in the c-client library.
c-client only obtains passwords on demand.
Any user name provided to c-client is used by GSSAPI. The server verifies
that the Kerberos credentials authenticated by c-client are allowed to use
that user name. There is a mechanism in c-client to permit setting up
administrative users that can log in as other users; the administrative
user uses his credentials for GSSAPI and supplies the victim's user name
as the name to log in.
And / or, if it wants to try using
GSSAPI, but that doesn't work, why doesn't it continue and try the plain
method?
c-client does, but only SASL mechanisms; it never uses the LOGIN command
if the server offers SASL mechanisms. So, if the server advertises GSSAPI
and PLAIN, it will try GSSAPI first and then PLAIN.
Perhaps there is something wrong in PHP that causes the problem.
-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
_______________________________________________
Imap-uw mailing list
[email protected]
https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
