GSSAPI and "encoded packet size too big"
Ragnar Sundblad
ragge at csc.kth.se
Sun Feb 10 18:04:14 EST 2013
Hello all,
We are modernizing our Cyrus IMAP server, and are using
cyrus sasl 2.1.26 and imap server 2.4.17.
We get "encoded packet size too big (8252 > 8192)" paired with
"decoding error: generic failure; SASL(-1): generic failure: security
flags do not match required, closing connection" when the imap proxy
is talking to the imapd.
I have tracked down the "too big" message to _plug_decode() in
plugins/plugin_common.c.
To me, it looks like if it is comparing the size of the input packet
to the maximum allowed size of the decoded data.
Wouldn't it be completely valid for a wrapped (encrypted) packet to
be slightly larger than the plain text? Is the code doing the wrong
thing here?
Thanks for your help!
/ragge
Ragnar Sundblad
Systems specialist
KTH - Royal Institute of Technology
Stockholm, Sweden
More information about the Cyrus-sasl
mailing list