[Dovecot] Small LOGIN_MAX_INBUF_SIZE for GSSAPI with samba4 (AD)
Timo Sirainen
tss at iki.fi
Tue Jan 3 13:16:29 EET 2012
On Mon, 2012-01-02 at 19:20 +0100, Ludek Finstrle wrote:
> Jan 2 17:58:42 server dovecot: imap-login: Disconnected: Input buffer full (no auth attempts): rip=192.167.14.16, lip=192.167.14.16, secured
..
> I fixed this problem with enlarging LOGIN_MAX_INBUF_SIZE. I also red about wrong lower/uppercase
> but it's not definitely my problem (I tried all possibilities of lower/uppercas in login).
>
> I sniffed the plain communication and the "a0000 AUTHENTICATE GSSAPI" line has around 1873 chars.
> When I enlarged the LOGIN_MAX_INBUF_SIZE to 2048 the problem disappeared and I'm now able to login
> to dovecot using gssapi in mutt client.
There was already code that allowed 16kB SAS messages, but that didn't
work for initial SASL reponse with IMAP SASL-IR extension.
> I use also thunderbird (on windows with sspi) and it works ok with LOGIN_MAX_INBUF_SIZE = 1024.
TB probably doesn't support SASL-IR.
> Does anybody have any idea why it's so large or how to fix it another way? It's terrible to
> patch each version of dovecot rpm package. Or is there any possibility to change constant?
> I have no idea how much this should affect memory usage.
>
> The simple patch I have to use is attached.
I increased it to 4 kB:
http://hg.dovecot.org/dovecot-2.0/rev/d06061408f6d
More information about the dovecot
mailing list