[Bug 1015819] Re: sb_sasl_generic_pkt_length: received illegal packet length when using ldapsearch and sasl with ssl or tls

Michael Osipov 1015819 at bugs.launchpad.net
Wed May 6 20:19:04 UTC 2015


I highly fear that the code cannot be changed that easily because
Microsoft screwed up the RFC. The RFC
(https://tools.ietf.org/html/rfc4752#section-3.1) says:

3.1.  Client Side of Authentication Protocol Exchange

   The client calls GSS_Init_sec_context, passing in
   input_context_handle of 0 (initially), mech_type of the Kerberos V5
   GSS-API mechanism [KRB5GSS], chan_binding of NULL, and targ_name
   equal to output_name from GSS_Import_Name called with input_name_type
   of GSS_C_NT_HOSTBASED_SERVICE (*) and input_name_string of
   "service@hostname" where "service" is the service name specified in
   the protocol's profile, and "hostname" is the fully qualified host
   name of the server.  When calling the GSS_Init_sec_context, the
   client MUST pass the integ_req_flag of TRUE (**).  If the client will
   be requesting a security layer, it MUST also supply to the
   GSS_Init_sec_context a mutual_req_flag of TRUE, and a
   sequence_req_flag of TRUE.  If the client will be requesting a
   security layer providing confidentiality protection, it MUST also
   supply to the GSS_Init_sec_context a conf_req_flag of TRUE.  The
   client then responds with the resulting output_token.  If
   GSS_Init_sec_context returns GSS_S_CONTINUE_NEEDED, then the client
   should expect the server to issue a token in a subsequent challenge.
   The client must pass the token to another call to
   GSS_Init_sec_context, repeating the actions in this paragraph.

The Cyrus SASL implementation is correct and Microsoft's is not! Any
thoughts?

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cyrus-sasl2 in Ubuntu.
https://bugs.launchpad.net/bugs/1015819
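
The flag rules in the quoted RFC 4752 section 3.1 text, written out as an added example (not part of the original message and not Cyrus SASL code). The enum, the function names and the RFC4752_ macro names are hypothetical; the bit values are those of the GSS-API C bindings (RFC 2744), defined locally so the file builds without gssapi.h.

```c
#include <stdint.h>
#include <stdio.h>

/* Same bit values as the RFC 2744 constants named in the comments. */
#define RFC4752_MUTUAL_FLAG   0x02u  /* GSS_C_MUTUAL_FLAG   */
#define RFC4752_SEQUENCE_FLAG 0x08u  /* GSS_C_SEQUENCE_FLAG */
#define RFC4752_CONF_FLAG     0x10u  /* GSS_C_CONF_FLAG     */
#define RFC4752_INTEG_FLAG    0x20u  /* GSS_C_INTEG_FLAG    */

/* What the SASL client intends to request from the server. */
enum sec_layer { LAYER_NONE, LAYER_INTEGRITY, LAYER_CONFIDENTIALITY };

/* Minimum req_flags section 3.1 obliges the client to pass. */
uint32_t rfc4752_required_flags(enum sec_layer want)
{
    /* integ_req_flag is a MUST even when no security layer is wanted. */
    uint32_t flags = RFC4752_INTEG_FLAG;

    if (want != LAYER_NONE)              /* any security layer */
        flags |= RFC4752_MUTUAL_FLAG | RFC4752_SEQUENCE_FLAG;
    if (want == LAYER_CONFIDENTIALITY)   /* confidentiality protection */
        flags |= RFC4752_CONF_FLAG;
    return flags;
}

/* Audit helper: required bits the client did not request (0 = compliant).
 * Extra bits are not reported; the RFC text only sets a minimum. */
uint32_t rfc4752_missing_flags(uint32_t req_flags, enum sec_layer want)
{
    return rfc4752_required_flags(want) & ~req_flags;
}

int main(void)
{
    static const char *names[] = { "none", "integrity", "confidentiality" };

    for (int l = LAYER_NONE; l <= LAYER_CONFIDENTIALITY; l++)
        printf("%-15s required req_flags = 0x%02x\n", names[l],
               (unsigned)rfc4752_required_flags((enum sec_layer)l));

    /* Constructed input: a client that asked only for INTEG | MUTUAL. */
    printf("missing for confidentiality: 0x%02x\n",
           (unsigned)rfc4752_missing_flags(0x22u, LAYER_CONFIDENTIALITY));
    return 0;
}
```
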