Huaqing Zheng wrote:
I'm having some problems with clients linked against Cyrus SASL
2.1.22. Running imtest linked against 2.1.22 against an cyrus-imapd
server (also linked against 2.1.22) with GSSAPI authentication shows:
C: A01 AUTHENTICATE GSSAPI BLAHBLAHBLAH
S: + BLAHBLAHBLAH
Authentication failed. generic failure
Security strength factor: 0
and this in the imap logs:
May 23 15:48:01 pobox09 imap[26261]: badlogin: pobox09.stanford.edu
[171.67.22.15] GSSAPI [SASL(0): successful result: security flags do
not match required]
There were no changes to the GSSAPI plugin in 2.1.22 (no changes since
2.1.21 anyway).
I can't think of any changes in libsasl that would affect GSSAPI plugin.
The change regarding location of server side configuration files only
affects server side, so it wouldn't explain the behavior you described
below.
Same happens with Kerberos 4. PLAIN and LOGIN both work fine, which
indicates that saslauthd is running fine against GSSAPI. Note that
running the 2.1.22 client against a 2.1.21 server gives the same thing
whereas running the 2.1.21 client against the 2.1.22 server is working
fine.
Any ideas? Do I have to rebuild the clients against the 2.1.22
libraries to pick up an API change or something?
Generally it is a good idea.
Can you email me more information about your configuration off-list?
Alexey
