GSSAPI and "encoded packet size too big"

Hugh Cole-Baker sigmaris at gmail.com
Fri Mar 22 12:21:55 EDT 2013


On 22 Mar 2013, at 16:00, cyrus-sasl-request at lists.andrew.cmu.edu wrote:

> We are seeing a problem that looks a lot like this yours.  From JNDI
> clients connecting to our OpenLDAP server on Debian Wheezy connections
> are failing.  If the client makes a GSSAPI connection and uses SASL
> encryption then the client will fail with a
> java.lang.NegativeArraySizeException error.

I ran into the same problem with Java interop [1], initially thinking
it was a Java bug, and found a workaround, which is to set minssf to
at least 1 in the sasl-secprops setting in OpenLDAP. This might be
useful - I haven't tried to upgrade to 2.1.26 yet to check if it's
fixed in that version.

Hugh C-B

[1] http://mail.openjdk.java.net/pipermail/security-dev/2013-February/006665.html



More information about the Cyrus-sasl mailing list