On Mon, 10 Apr 2006, Paul Fardy wrote:
I'm working, first, with my own Mail client Mac OS X Mail.app which looks
like its do "a" right thing (perhaps not "the"). It requests access to the
principal "host/[EMAIL PROTECTED]". My Kerberized imapd looks for the
principal "imap/[EMAIL PROTECTED]" and fails to find it.
imapd is doing the right thing. Refer to RFC 2222, section 7.2.1:
The client calls GSS_Init_sec_context, passing in 0 for
input_context_handle (initially) and a targ_name equal to output_name
from GSS_Import_Name called with input_name_type of
GSS_C_NT_HOSTBASED_SERVICE and input_name_string of
"[EMAIL PROTECTED]" where "service" is the service name specified in
the protocol's profile, and "hostname" is the fully qualified host
name of the server.
The service name in the IMAP protocol's profile is "imap", not "host" as
per RFC 3501, section 6.2.2.
BTW, I'm looking use this with Pubcookie and IMP so any additional notes
about that would be appreciated.
I think that IMP uses PHP which uses c-client, which will also use the
"imap" service name. So will Pine.
So, if your report is correct, this looks to be a bug in Mail.app. I
don't recall if I ever tried Mail.app with our (kerberized) IMAP servers.
I tried it once, then went back to Pine.
-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
_______________________________________________
Imap-uw mailing list
[email protected]
https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
