GSSAPI and "encoded packet size too big"

Bill MacAllister whm at stanford.edu
Sun Mar 24 00:47:09 EDT 2013



--On Friday, March 22, 2013 12:04:43 PM -0700 Bill MacAllister <whm at stanford.edu> wrote:

>
>
> --On Friday, March 22, 2013 04:21:55 PM +0000 Hugh Cole-Baker <sigmaris at gmail.com> wrote:
>
>> On 22 Mar 2013, at 16:00, cyrus-sasl-request at lists.andrew.cmu.edu wrote:
>>
>>> We are seeing a problem that looks a lot like yours.  From JNDI
>>> clients connecting to our OpenLDAP server on Debian Wheezy connections
>>> are failing.  If the client makes a GSSAPI connection and uses SASL
>>> encryption then the client will fail with a
>>> java.lang.NegativeArraySizeException error.
>>
>> I ran into the same problem with Java interop [1], initially thinking
>> it was a Java bug, and found a workaround, which is to set minssf to
>> at least 1 in the sasl-secprops setting in OpenLDAP. This might be
>> useful - I haven't tried to upgrade to 2.1.26 yet to check if it's
>> fixed in that version.
>>
>> Hugh C-B
>>
>> [1] http://mail.openjdk.java.net/pipermail/security-dev/2013-February/006665.html
>
> That fixes the problem that we were seeing.  Thanks a lot.
>
> I am going to try 2.1.26 as well because it finally includes the
> change to make life simpler in a load balanced environment.  I will let
> you know how that goes.

And I confirmed that 2.1.26 also fixes this problem.

Thanks again.

Bill


-- 

Bill MacAllister
Infrastructure Delivery Group, Stanford University