Two issues fixed here:
- ints are not comparable with bytes, so char was never == to b',', which
renders the whole function pointless
- The bytes were converted back to “characters” by using chr(), which
doesn’t make sense if the username contains characters that fit on more
than one bytes. This would trigger an “invalid username” error from the
server when using a non-ascii JID.
When the GSSAPI mechanism's process() function is invoked for the third time (on success) it must not attempt further processing. Instead it should clean the context and return an empty response.
Replaced the reference to kerberos.GSSError.message in any raised exception, because:
DeprecationWarning: BaseException.message has been deprecated as of Python 2.6
and its natural repr is probably the most desirable output.