problems with clients and cyrus-sasl-2.1.22

Alexey Melnikov alexey.melnikov at isode.com
Wed May 24 12:51:48 EDT 2006


Huaqing Zheng wrote:

> I'm having some problems with clients linked against Cyrus SASL
> 2.1.22.  Running imtest linked against 2.1.22 against an cyrus-imapd
> server (also linked against 2.1.22) with GSSAPI authentication shows:
>
> C: A01 AUTHENTICATE GSSAPI BLAHBLAHBLAH
> S: + BLAHBLAHBLAH
> Authentication failed. generic failure
> Security strength factor: 0
>
> and this in the imap logs:
> May 23 15:48:01 pobox09 imap[26261]: badlogin: pobox09.stanford.edu
> [171.67.22.15] GSSAPI [SASL(0): successful result: security flags do
> not match required]

There were no changes to the GSSAPI plugin in 2.1.22 (no changes since 
2.1.21 anyway).
I can't think of any changes in libsasl that would affect GSSAPI plugin.
The change regarding location of server side configuration files only 
affects server side, so it wouldn't explain the behavior you described 
below.

> Same happens with Kerberos 4.  PLAIN and LOGIN both work fine, which
> indicates that saslauthd is running fine against GSSAPI.  Note that
> running the 2.1.22 client against a 2.1.21 server gives the same thing
> whereas running the 2.1.21 client against the 2.1.22 server is working
> fine.
>
> Any ideas?  Do I have to rebuild the clients against the 2.1.22
> libraries to pick up an API change or something?

Generally it is a good idea.

Can you email me more information about your configuration off-list?

Alexey



More information about the Cyrus-sasl mailing list