I've now spent a few days figuring out how to do GSSAPI authentication with IMAP, and I have now managed to complete a full handshake from GNUS with a Microsoft Exchange server using GSSAPI.
Immediately after authentication is complete, the connection switches to GSSAPI mode where each packet needs to pass through a call to ‘gss-unwrap’, and the data sent to the server also needs to be split into packets which are wrapped using a call to ‘gss-wrap’. The situation is further complicated by the fact that the server can limit the maximum packet size during initial handshake.
I need some advice from someone who is well-versed in the internals of GNUS to explain where I should add the code to handle this.
At first I was looking at create a new ‘nnimap-stream’ type to represent this, but the connection is already inside a TLS connection which already uses ‘ssl’ or ‘starttls’ here. The GSSAPI authentication is independent of the actual connection type, but it wraps all the IMAP commands that are transmitted over it.
What approach should I take here?