It looks like Dan White may have found and tested a fix for the
ldaps+GSSAPI issues in the tracker. I'd like to have some peer review
of this before I cut the final release on the morning of the 31st
(US/Eastern time).
On 12/22/2017 01:03 PM, Ken Murchison wrote:
Unfortunately, I don't know where to look. Alexey knows way more
about GSS that I do. I do recall from my time at CMU that the kerb
libraries seem to suck at error reporting/logging.
On 12/22/2017 11:49 AM, Dan White wrote:
Ken,
I'm running in to this:
additional info: SASL(-1): generic failure: Unable to find a
callback: 32775
from:
https://github.com/cyrusimap/cyrus-sasl/issues/464
but with GSSAPI, and not GSS-SPNEGO.
In the following scenarios:
ldapwhoami/heimdal -> slapd/mit
ldapwhoami/heimdal -> slapd/heimdal
ldapwhoami/heimdal -> Microsoft AD
But these work:
ldapwhoami/mit -> slapd/mit
ldapwhoami/mit -> MS AD
I can set security properties with the libldab library (ldap.conf(5)). I
tried playing around with maxbufsize, since there are hints that may be
related when searching on google, but it had no effect.
All Heimdal tests are using version 7.5.0, manually compiled.
Do you have suggestions of where to debug?
On 12/20/17 10:14 -0600, Dan White wrote:
Ken,
I'll try to lab up my original test case (for bug 3480) tomorrow
evening.
On 12/20/17 11:00 -0500, Ken Murchison wrote:
We haven't had much, if any, feedback on this release candidate.
Do the GSSAPI/LDAP folks have any further comments on
https://github.com/cyrusimap/cyrus-sasl/issues/419
I'd really like to make a final release by Christmas as promised,
but I also don't want to make a release that folks will have to
patch immediately.
--
Kenneth Murchison
Cyrus Development Team
FastMail Pty Ltd
