On 31/05/2023 12:00 EEST Thomas Lemarchand via dovecot <dovecot@dovecot.org> wrote:
Hi !
Are you saying I should open a bug report for Thunderbird developers ? I did not find a reference to a 998 bytes limit, do you have something I can refer to ?
Thank you.
Thomas Lemarchand
On 5/30/23 20:35, Aki Tuomi via dovecot wrote:
On 30/05/2023 20:54 EEST Thomas Lemarchand via dovecot <dovecot@dovecot.org> wrote:
Hello,
On version 2.3.20 (80a5ac675d), I have a problem with submission-login when using GSSAPI auth : it's not working, probably due to AUTH line being too long. It appeared after I activated PAC on my Kerberos infrastructure. Now the Kerberos tickets contains MS-PAC data and are bigger. It's part of the RFC and is a valid use case : https://datatracker.ietf.org/doc/html/rfc4120#section-5.2.6
Logs :
My guess is that it's due to https://github.com/dovecot/core/blob/main/src/lib-smtp/smtp-common.h#L10 being too low (is it configurable ?), but I didn't read the code thoroughly. Red Hat IDM now activates MS-PAC by default, so any installation based on IDM (or FreeIPA) may have the same problem. What's your opinion ? Bug ?
Mail sent using password auth :'(
-- Thomas Lemarchand
Hi!
This is an RFC limitation. SASL-IR may not exceed 998 bytes including AUTH GSSAPI and \r\n.
If the SASL-IR exceeds this, then the client must use interactive SASL.
Aki
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
Please see https://datatracker.ietf.org/doc/html/rfc4954#section-4
"Note that the AUTH command is still subject to the line length limitations defined in [SMTP]. If use of the initial response argument would cause the AUTH command to exceed this length, the client MUST NOT use the initial response parameter (and instead proceed as defined in Section 5.1 of [SASL])."
Aki