From 940a27400e1d8cec7dc6cd87d8f9fc691fa317df Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 25 Nov 2016 08:23:21 +0100
Subject: [PATCH] Use GSSAPI only if configured (#5530)

---
 program/lib/Roundcube/rcube_imap_generic.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/program/lib/Roundcube/rcube_imap_generic.php b/program/lib/Roundcube/rcube_imap_generic.php
index 9f5f6e8ed..6174286f7 100644
--- a/program/lib/Roundcube/rcube_imap_generic.php
+++ b/program/lib/Roundcube/rcube_imap_generic.php
@@ -855,6 +855,7 @@ class rcube_imap_generic
             if ($auth_caps = $this->getCapability('AUTH')) {
                 $auth_methods = $auth_caps;
             }
+
             // RFC 2595 (LOGINDISABLED) LOGIN disabled when connection is not secure
             $login_disabled = $this->getCapability('LOGINDISABLED');
             if (($key = array_search('LOGIN', $auth_methods)) !== false) {
@@ -867,7 +868,12 @@ class rcube_imap_generic
             }
 
             // Use best (for security) supported authentication method
-            $all_methods = array('GSSAPI', 'DIGEST-MD5', 'CRAM-MD5', 'CRAM_MD5', 'PLAIN', 'LOGIN');
+            $all_methods = array('DIGEST-MD5', 'CRAM-MD5', 'CRAM_MD5', 'PLAIN', 'LOGIN');
+
+            if (!empty($this->prefs['gssapi_cn'])) {
+                array_unshift($all_methods, 'GSSAPI');
+            }
+
             foreach ($all_methods as $auth_method) {
                 if (in_array($auth_method, $auth_methods)) {
                     break;