GSSAPI and "encoded packet size too big"

Bill MacAllister whm at stanford.edu
Fri Mar 22 15:04:43 EDT 2013



--On Friday, March 22, 2013 04:21:55 PM +0000 Hugh Cole-Baker <sigmaris at gmail.com> wrote:

> On 22 Mar 2013, at 16:00, cyrus-sasl-request at lists.andrew.cmu.edu wrote:
>
>> We are seeing a problem that looks a lot like this yours.  From JNDI
>> clients connecting to our OpenLDAP server on Debian Wheezy connections
>> are failing.  If the client makes a GSSAPI connection and uses SASL
>> encryption then the client will fail with a
>> java.lang.NegativeArraySizeException error.
>
> I ran into the same problem with Java interop [1], initially thinking
> it was a Java bug, and found a workaround, which is to set minssf to
> at least 1 in the sasl-secprops setting in OpenLDAP. This might be
> useful - I haven't tried to upgrade to 2.1.26 yet to check if it's
> fixed in that version.
>
> Hugh C-B
>
> [1] http://mail.openjdk.java.net/pipermail/security-dev/2013-February/006665.html

That fixes the problem that we were seeing.  Thanks a lot.

I am going to try 2.1.26 as well because it finally includes the
change to make life simpler in a load balanced environment.  I let you
know how that goes.

Bill

-- 

Bill MacAllister
Infrastructure Delivery Group, Stanford University



More information about the Cyrus-sasl mailing list