GSSAPI and "encoded packet size too big"
Bill MacAllister
whm at stanford.edu
Fri Mar 22 15:04:43 EDT 2013
--On Friday, March 22, 2013 04:21:55 PM +0000 Hugh Cole-Baker <sigmaris at gmail.com> wrote:
> On 22 Mar 2013, at 16:00, cyrus-sasl-request at lists.andrew.cmu.edu wrote:
>
>> We are seeing a problem that looks a lot like this yours. From JNDI
>> clients connecting to our OpenLDAP server on Debian Wheezy connections
>> are failing. If the client makes a GSSAPI connection and uses SASL
>> encryption then the client will fail with a
>> java.lang.NegativeArraySizeException error.
>
> I ran into the same problem with Java interop [1], initially thinking
> it was a Java bug, and found a workaround, which is to set minssf to
> at least 1 in the sasl-secprops setting in OpenLDAP. This might be
> useful - I haven't tried to upgrade to 2.1.26 yet to check if it's
> fixed in that version.
>
> Hugh C-B
>
> [1] http://mail.openjdk.java.net/pipermail/security-dev/2013-February/006665.html
That fixes the problem that we were seeing. Thanks a lot.
I am going to try 2.1.26 as well because it finally includes the
change to make life simpler in a load balanced environment. I let you
know how that goes.
Bill
--
Bill MacAllister
Infrastructure Delivery Group, Stanford University
More information about the Cyrus-sasl
mailing list