Should SASL_MAXOUTBUF be subject of negotiation?
mkondrin
mkondrin at hppi.troitsk.ru
Mon May 19 12:53:08 EDT 2008
Sorry, the problem seems to be caused by old heimdal library (0.7.1) on
client. Upgrading to the latest one (1.1) fixes it.
> MKondrin wrote:
>> Dear SASL users and developers!
>>
>> Should sasl_getprop(conn,SASL_MAXBUF,&x) return th same x on client
>> and server if the security layer is negotiated? But after
>> authentication it returns the value of secprops.maxbufsize (which can
>> of course be different on client and server) installed before with
>> sasl_setprop(conn, SASL_SEC_PROPS, &secprops). Does this mean I have
>> missed some steps in SASL negotiation? I use cyrus-sasl-2.1.21.
>>
>> Thank you in advance.
>>
>> M.Kondrin
>>
>
> RFC2222 states that:
>
> "During the authentication protocol exchange, the mechanism performs
> authentication, transmits an authorization identity (frequently known
> as a userid) from the client to server, and negotiates the use of a
> mechanism-specific security layer. If the use of a security layer is
> agreed upon, then the mechanism must also define or negotiate the
> maximum cipher-text buffer size that each side is able to receive."
>
> So the SASL_MAXOUTBUF should be negotiated. This means that some steps
> are missing or is it bug in plugin?
>
>
More information about the Cyrus-sasl
mailing list