SASL 2.1.27 rc6
Ken Murchison
murch at fastmail.com
Wed Dec 27 14:53:51 EST 2017
It looks like Dan White may have found and tested a fix for the
ldaps+GSSAPI issues in the tracker. I'd like to have some peer review
of this before I cut the final release on the morning of the 31st
(US/Eastern time).
On 12/22/2017 01:03 PM, Ken Murchison wrote:
> Unfortunately, I don't know where to look. Alexey knows way more
> about GSS that I do. I do recall from my time at CMU that the kerb
> libraries seem to suck at error reporting/logging.
>
>
> On 12/22/2017 11:49 AM, Dan White wrote:
>> Ken,
>>
>> I'm running in to this:
>>
>> additional info: SASL(-1): generic failure: Unable to find a
>> callback: 32775
>>
>> from:
>>
>> https://github.com/cyrusimap/cyrus-sasl/issues/464
>>
>> but with GSSAPI, and not GSS-SPNEGO.
>>
>> In the following scenarios:
>>
>> ldapwhoami/heimdal -> slapd/mit
>> ldapwhoami/heimdal -> slapd/heimdal
>> ldapwhoami/heimdal -> Microsoft AD
>>
>> But these work:
>>
>> ldapwhoami/mit -> slapd/mit
>> ldapwhoami/mit -> MS AD
>>
>> I can set security properties with the libldab library (ldap.conf(5)). I
>> tried playing around with maxbufsize, since there are hints that may be
>> related when searching on google, but it had no effect.
>>
>> All Heimdal tests are using version 7.5.0, manually compiled.
>>
>> Do you have suggestions of where to debug?
>>
>> On 12/20/17 10:14 -0600, Dan White wrote:
>>> Ken,
>>>
>>> I'll try to lab up my original test case (for bug 3480) tomorrow
>>> evening.
>>>
>>> On 12/20/17 11:00 -0500, Ken Murchison wrote:
>>>> We haven't had much, if any, feedback on this release candidate.
>>>>
>>>> Do the GSSAPI/LDAP folks have any further comments on
>>>> https://github.com/cyrusimap/cyrus-sasl/issues/419
>>>>
>>>> I'd really like to make a final release by Christmas as promised,
>>>> but I also don't want to make a release that folks will have to
>>>> patch immediately.
>>
>
--
Kenneth Murchison
Cyrus Development Team
FastMail Pty Ltd
More information about the Cyrus-sasl
mailing list