Actually check for strong authentication methods if the user specified that
one should be used, and when performing GSSAPI authentication to a POP server,
use "pop" as the service name, per RFC1734.  Otherwise we break when talking
to the UW POP server, which conforms to the spec.

--- fetchmail-6.2.0/fetchmail.h	2003-11-14 14:51:56.000000000 -0500
+++ fetchmail-6.2.0/fetchmail.h	2003-11-14 14:52:27.000000000 -0500
@@ -584,7 +584,7 @@
 /* authentication functions */
 int do_cram_md5(int sock, char *command, struct query *ctl, char *strip);
 int do_rfc1731(int sock, char *command, char *truename);
-int do_gssauth(int sock, char *command, char *hostname, char *username);
+int do_gssauth(int sock, char *command, char *service, char *hostname, char *username);
 int do_otp(int sock, char *command, struct query *ctl);
 
 /* miscellanea */
--- fetchmail-6.2.0/gssapi.c	2003-11-14 14:53:04.000000000 -0500
+++ fetchmail-6.2.0/gssapi.c	2003-11-14 14:53:00.000000000 -0500
@@ -38,7 +38,7 @@
 #define GSSAUTH_P_INTEGRITY 2
 #define GSSAUTH_P_PRIVACY   4
 
-int do_gssauth(int sock, char *command, char *hostname, char *username)
+int do_gssauth(int sock, char *command, char *service, char *hostname, char *username)
 {
     gss_buffer_desc request_buf, send_token;
     gss_buffer_t sec_token;
@@ -53,7 +53,7 @@
     int result;
 
     /* first things first: get an imap ticket for host */
-    sprintf(buf1, "imap(_at_)%s", hostname);
+    sprintf(buf1, "%s(_at_)%s", service, hostname);
     request_buf.value = buf1;
     request_buf.length = strlen(buf1) + 1;
     maj_stat = gss_import_name(&min_stat, &request_buf, GSS_C_NT_HOSTBASED_SERVICE,
--- fetchmail-6.2.0/imap.c	2003-11-14 14:53:17.000000000 -0500
+++ fetchmail-6.2.0/imap.c	2003-11-14 14:53:13.000000000 -0500
@@ -332,7 +332,7 @@
     if ((ctl->server.authenticate == A_ANY 
 	 || ctl->server.authenticate == A_GSSAPI)
 	&& strstr(capabilities, "AUTH=GSSAPI"))
-	if(ok = do_gssauth(sock, "AUTHENTICATE", ctl->server.truename, ctl->remotename))
+	if(ok = do_gssauth(sock, "AUTHENTICATE", "imap", ctl->server.truename, ctl->remotename))
 	{
 	    /* SASL cancellation of authentication */
 	    gen_send(sock, "*");
--- fetchmail-6.2.0/pop3.c	2003-11-14 15:07:43.000000000 -0500
+++ fetchmail-6.2.0/pop3.c	2003-11-14 15:09:42.000000000 -0500
@@ -199,7 +199,12 @@
 	 * These authentication methods are blessed by RFC1734,
 	 * describing the POP3 AUTHentication command.
 	 */
-	if (ctl->server.authenticate == A_ANY)
+	if ((ctl->use_ssl != FLAG_FALSE) ||
+	    (ctl->server.authenticate == A_ANY) ||
+	    (ctl->server.authenticate == A_GSSAPI) ||
+	    (ctl->server.authenticate == A_KERBEROS_V4) ||
+	    (ctl->server.authenticate == A_OTP) ||
+	    (ctl->server.authenticate == A_CRAM_MD5))
 	{
 	    ok = gen_transact(sock, "CAPA");
 	    if (ok == PS_SUCCESS)
@@ -305,7 +310,7 @@
 	    (ctl->server.authenticate == A_GSSAPI ||
 	     ctl->server.authenticate == A_ANY))
 	{
-	    ok = do_gssauth(sock,"AUTH",ctl->server.truename,ctl->remotename);
+	    ok = do_gssauth(sock,"AUTH","pop",ctl->server.truename,ctl->remotename);
 	    if (ok == PS_SUCCESS || ctl->server.authenticate != A_ANY)
 		break;
 	}