[Dovecot] GSSAPI Authentication in v1.2.1
Phillip Macey
phillip.macey at cisra.canon.com.au
Fri Aug 14 09:46:17 EEST 2009
On 14/08/2009 3:34 AM, Timo Sirainen wrote:
> On Thu, 2009-08-13 at 17:55 +1000, Phillip Macey wrote:
>
>> On 8/08/2009 2:50 AM, Timo Sirainen wrote:
>>
>>> Does it help if you increase
>>>
>>> #define LOGIN_MAX_INBUF_SIZE 4096
>>>
>>> to e.g. 8192 in src/login-common/client-common.h?
>>>
>> I also needed to change src/master/master-login-interface.h
>> #define MASTER_LOGIN_MAX_DATA_SIZE (8192*2)
>>
>
> What do you mean by "needed to"? Was the auth still failing without that
> change? I don't think it should..
>
I got a warning message during the build if I did not. I don't think it
built successfully if I did not change it as well. The comment
immediately preceding that line of code also talks about keeping the two
values in sync.
From src/master/master-login-interface.h:
/* This should be kept in sync with LOGIN_MAX_INBUF_SIZE. Multiply it by two
to make sure there's space to transfer the command tag */
#define MASTER_LOGIN_MAX_DATA_SIZE (8192*2)
>> Out of interest, what sort of stuff gets stored in this buffer? Would it
>> be where dovecot stores a user's Kerberos tickets?
>>
>
> LOGIN_MAX_INBUF_SIZE is just the max. size of data that can be kept in
> memory that comes from client. The limit you were probably reaching was
> in AUTHENTICATE command when your client was sending Kerberos response.
>
> MASTER_LOGIN_MAX_DATA_SIZE is only about sending data to imap process
> that was already read from client by imap-login process. There are no
> Kerberos tickets or anything stored there. Usually it needs only a
> couple of bytes to transfer the IMAP login command tag. So I've no idea
> why it would need to be that large with you.
Win2k8/Active Directory KDC - maybe they do something wacky?
--
Thanks,
Phill Macey (CiSRA IT Services)