[PATCH] Fix gssapi with multiple connections

sjh at foolishpride.org sjh at foolishpride.org
Thu Jun 2 22:04:52 BST 2011

From: Scott Henson <shenson at redhat.com>

Fix a gssapi issue where threads beyond the first would not
 be able to authenticate against the imap server. This is
 done by using the connection lock around the gssapi
 authentication code and resetting (and releasing) the
 kerberos state after success so that subsequent connections
 may make use of kerberos.

 offlineimap/imapserver.py |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/offlineimap/imapserver.py b/offlineimap/imapserver.py
index 7703879..a20bd88 100644
--- a/offlineimap/imapserver.py
+++ b/offlineimap/imapserver.py
@@ -213,6 +213,7 @@ class IMAPServer:
                         # Try GSSAPI and continue if it fails
                         if 'AUTH=GSSAPI' in imapobj.capabilities and have_gss:
+                            self.connectionlock.acquire()
                                 'Attempting GSSAPI authentication')
@@ -223,8 +224,12 @@ class IMAPServer:
                                     'GSSAPI Authentication failed')
                                 self.gssapi = True
+                                kerberos.authGSSClientClean(self.gss_vc)
+                                self.gss_vc = None
+                                self.gss_step = self.GSS_STATE_STEP
                                 #if we do self.password = None then the next attempt cannot try...
                                 #self.password = None
+                            self.connectionlock.release()
                         if not self.gssapi:
                             if 'AUTH=CRAM-MD5' in imapobj.capabilities:

More information about the OfflineIMAP-project mailing list