Discussion:
Should SASL_MAXOUTBUF be subject of negotiation?
MKondrin
2008-05-17 06:50:40 UTC
Dear SASL users and developers!

Should sasl_getprop(conn,SASL_MAXBUF,&x) return the same x on client and
server if the security layer is negotiated? But after authentication it
returns the value of secprops.maxbufsize (which can of course be
different on client and server) installed before with sasl_setprop(conn,
SASL_SEC_PROPS, &secprops). Does this mean I have missed some steps in
SASL negotiation? I use cyrus-sasl-2.1.21.

Thank you in advance.

M.Kondrin
MKondrin
2008-05-17 14:15:19 UTC
Post by MKondrin
Dear SASL users and developers!
Should sasl_getprop(conn,SASL_MAXBUF,&x) return the same x on client
and server if the security layer is negotiated? But after
authentication it returns the value of secprops.maxbufsize (which can
of course be different on client and server) installed before with
sasl_setprop(conn, SASL_SEC_PROPS, &secprops). Does this mean I have
missed some steps in SASL negotiation? I use cyrus-sasl-2.1.21.
Thank you in advance.
M.Kondrin
RFC2222 states that:

"During the authentication protocol exchange, the mechanism performs
authentication, transmits an authorization identity (frequently known
as a userid) from the client to server, and negotiates the use of a
mechanism-specific security layer. If the use of a security layer is
agreed upon, then the mechanism must also define or negotiate the
maximum cipher-text buffer size that each side is able to receive."

So the SASL_MAXOUTBUF should be negotiated. Does this mean that some steps
are missing, or is it a bug in the plugin?
mkondrin
2008-05-19 16:53:08 UTC
Sorry, the problem seems to be caused by an old Heimdal library (0.7.1) on
the client. Upgrading to the latest one (1.1) fixes it.
Post by MKondrin
Post by MKondrin
Dear SASL users and developers!
Should sasl_getprop(conn,SASL_MAXBUF,&x) return the same x on client
and server if the security layer is negotiated? But after
authentication it returns the value of secprops.maxbufsize (which can
of course be different on client and server) installed before with
sasl_setprop(conn, SASL_SEC_PROPS, &secprops). Does this mean I have
missed some steps in SASL negotiation? I use cyrus-sasl-2.1.21.
Thank you in advance.
M.Kondrin
"During the authentication protocol exchange, the mechanism performs
authentication, transmits an authorization identity (frequently known
as a userid) from the client to server, and negotiates the use of a
mechanism-specific security layer. If the use of a security layer is
agreed upon, then the mechanism must also define or negotiate the
maximum cipher-text buffer size that each side is able to receive."
So the SASL_MAXOUTBUF should be negotiated. Does this mean that some steps
are missing, or is it a bug in the plugin?
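
An added example, not code from this thread or from Cyrus SASL: a sketch of how the buffer size quoted from RFC 2222 travels on the wire, assuming the GSSAPI mechanism (the thread mentions Heimdal but never names the mechanism). Each side sends a 4-octet token holding the layer bits and its own receive size, so the limit a sender must respect is the peer's value, not its local secprops.maxbufsize. The helper names are hypothetical, and the authorization identity that follows the client's 4 octets is omitted.

```c
#include <stddef.h>
#include <stdint.h>

/* Layer bits defined for the RFC 2222 GSSAPI mechanism. */
enum { LAYER_NONE = 1, LAYER_INTEGRITY = 2, LAYER_PRIVACY = 4 };

struct layer_offer {
    uint8_t  layers;  /* bitmask of layers the sender supports or selected */
    uint32_t maxbuf;  /* largest cipher-text buffer the sender can receive */
};

/* Decode the unwrapped 4-octet token: layer bits, then a 24-bit
 * network-byte-order size. Returns 0 on success, -1 if malformed. */
int parse_layer_token(const uint8_t *tok, size_t len, struct layer_offer *out)
{
    if (tok == NULL || out == NULL || len < 4)
        return -1;
    out->layers = tok[0] & 7;   /* bits we do not understand are negotiated off */
    out->maxbuf = ((uint32_t)tok[1] << 16) | ((uint32_t)tok[2] << 8) | tok[3];
    return out->layers ? 0 : -1;
}

/* Client side (hypothetical helper): pick the strongest layer both sides
 * allow, write the 4-octet reply carrying OUR receive size, and report in
 * *send_limit the PEER's receive size, which caps what we may send.
 * Returns the chosen layer bit, or -1 if negotiation must fail. */
int client_negotiate(const uint8_t *server_tok, size_t len, uint8_t want_mask,
                     uint32_t my_maxbuf, uint8_t reply[4], uint32_t *send_limit)
{
    struct layer_offer srv;
    uint8_t common, chosen;

    if (reply == NULL || send_limit == NULL || my_maxbuf > 0xFFFFFF)
        return -1;              /* size must fit in three octets */
    if (parse_layer_token(server_tok, len, &srv) != 0)
        return -1;
    common = srv.layers & want_mask;
    chosen = (common & LAYER_PRIVACY) ? LAYER_PRIVACY
           : (common & LAYER_INTEGRITY) ? LAYER_INTEGRITY
           : (common & LAYER_NONE) ? LAYER_NONE : 0;
    if (chosen == 0)
        return -1;              /* no mutually acceptable layer */
    if (chosen != LAYER_NONE && srv.maxbuf == 0)
        return -1;              /* layer offered but peer can receive nothing */
    *send_limit = (chosen == LAYER_NONE) ? 0 : srv.maxbuf;
    reply[0] = chosen;
    reply[1] = (uint8_t)(my_maxbuf >> 16);
    reply[2] = (uint8_t)(my_maxbuf >> 8);
    reply[3] = (uint8_t)my_maxbuf;
    return chosen;
}
```

With a server token of 07 00 20 00 and a local receive size of 65536, the client's send limit comes out as 8192 while its reply advertises 65536, which is why the two ends legitimately see different values.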