GSSAPI cyradm problem
Christopher Maxwell
list-info-cyrus at themanor.net
Mon Apr 12 12:13:39 EDT 2004
> > > Apr 10 23:45:24 kenwood perl: encoded packet size too big (4163 > 4096)
> > > Apr 10 23:45:40 kenwood perl: GSSAPI Error: A token was invalid (Token
> > > header
> > > is malformed or corrupt)
Was seeing the same error here with Cyrus-2.2.3 & Sasl-2.1.17. The
interesting thing is that it only showed up when we enabled AES for
kerberos (Heimdel).
The simplest fix, though I cannot remember who first proposed it, was to
modify src/plugins/gssapi.c in SASL:
@@ -1419,7 +1425,7 @@
if(oparams->mech_ssf) {
/* xxx probably too large */
- oparams->maxoutbuf -= 50;
+ oparams->maxoutbuf -= 128;
}
gss_release_buffer(&min_stat, output_token);
--
Christopher Maxwell
christopher at themanor.net
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list