Old 08-07-2007, 03:38 PM   #1
Registered: Mar 2005
Location: chicago
Distribution: red hat 9.0
Posts: 59

GSSAPI and Cyrus SASL: testing failed

Cyrus SASL lib and MIT Kerberos are installed.

But testing w/ negotiation between sample-server and sample-client failed:

Running "./sample-server -s ldap -p ../plugins/.libs" gives me

Generating client mechanism list...
Sending list of 7 mechanism(s)
Waiting for client mechanism...

Running "./sample-client -s ldap -n -u user -p ../plugins/.libs" gives me

Waiting for mechanism list from server...

where "ldap" and "user" are in Kerberos, "kinit user" succeeds, and Kerberos should work (it can be used for login with pam_krb5) and keys are extracted to krb5.keytab.

Then, after copying the whole line from "S:" to the client, the client script quits and complains with the following:

lt-sample-client: Decoding data from base64: bad protocol / cancel

In fact, the same error message is shown no matter whether a "kinit" was issued previously, or whether no "-s", "-p", "-n", or "-u" is used for sample-server and sample-client at all.

Or maybe the line starting with "S:" was not correctly copied and pasted to the client side? I tried to copy and paste up to the last "=" sign but the client just sat there and did nothing. So, I guess the client should wait for some terminating char(s). Then I tried to hit "Enter" but that gave me the same error...

So, what might cause this problem? Could it be a configuration option like the MIT Kerberos GSSAPI lib path or something?


Last edited by licht; 08-07-2007 at 04:28 PM.
Old 08-07-2007, 06:35 PM   #2
Registered: Mar 2005
Location: chicago
Distribution: red hat 9.0
Posts: 59

Original Poster
Solved and new problems found.

Cause: this seems to be a bug that comes with cyrus-sasl-2.1.22. There are 2 places, both in "samp_recv()": one in sample-server.c and the other in sample-client.c. When the whole line (S: or C:) is copied, there is a NEWLINE after the exchange message text. In "samp_recv()", the length of this exchange message text is calculated as "(unsigned) strlen(buf + 3)". But the correct length should be ONE LESS than this value. As a result, the wrong length caused either server or client to see wrongly encoded text and quit at the end.

Sol: find where "sasl_decode64" is called in "samp_recv()" in both .c files and make them look like this:

result = sasl_decode64(buf + 3, (unsigned) strlen(buf + 3) - 1, buf, SAMPLE_SEC_BUF_SIZE, &len);

New problem:
- Copy the 1st "S:" line from the server to the client.
- The client prompts with the following messages and then generates the "C:" line.

returning OK: user
Using mechanism GSSAPI
Preparing initial.
Sending initial response...

- Copy this "C:" line to the server; the server displays the following error message:

got 'GSSAPI'
lt-sample-server: SASL Other: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Wrong principal in request)
lt-sample-server: Starting SASL negotiation: authentication failure (authentication failure)

Any thoughts about this? Thanks!

Last edited by licht; 08-07-2007 at 06:47 PM.
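
The length off-by-one described in post #2, as an added example that is not part of the thread or of cyrus-sasl: `strict_decode64` is a hypothetical stand-in for `sasl_decode64`, and `payload_len` is a hypothetical helper. It trims trailing CR/LF rather than subtracting 1 unconditionally, so a line pasted without its newline still decodes.

```c
#include <stdio.h>
#include <string.h>
/* Base64 alphabet lookup; -1 for any other byte, a trailing '\n' included. */
static int b64val(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Strict stand-in for sasl_decode64() (assumption): 0 = ok, -1 = bad input. */
int strict_decode64(const char *in, size_t inlen,
                    unsigned char *out, size_t outmax, size_t *outlen)
{
    size_t i, o = 0;
    if (inlen % 4 != 0) return -1;          /* "xxxx\n" already fails here */
    for (i = 0; i < inlen; i += 4) {
        int v[4], k, pad = 0;
        for (k = 0; k < 4; k++) {
            if (in[i + k] == '=' && i + 4 == inlen && k >= 2) { v[k] = 0; pad++; }
            else if (pad || (v[k] = b64val((unsigned char)in[i + k])) < 0) return -1;
        }
        if (o + 3 - pad > outmax) return -1;
        out[o++] = (unsigned char)((v[0] << 2) | (v[1] >> 4));
        if (pad < 2) out[o++] = (unsigned char)((v[1] << 4) | (v[2] >> 2));
        if (pad < 1) out[o++] = (unsigned char)((v[2] << 6) | v[3]);
    }
    *outlen = o;
    return 0;
}

/* Payload length after the 3-byte "S: " / "C: " prefix, minus trailing CR/LF. */
size_t payload_len(const char *line)
{
    size_t n = strlen(line);
    n = n < 3 ? 0 : n - 3;
    while (n > 0 && (line[3 + n - 1] == '\n' || line[3 + n - 1] == '\r')) n--;
    return n;
}

int main(void)
{
    const char *line = "S: aGVsbG8=\n";   /* constructed sample, not real SASL data */
    unsigned char out[16]; size_t len = 0;
    printf("raw: %d\n", strict_decode64(line + 3, strlen(line + 3), out, sizeof out, &len));
    printf("trimmed: %d\n", strict_decode64(line + 3, payload_len(line), out, sizeof out, &len));
    return 0;
}
```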

