> On 30/05/2023 20:54 EEST Thomas Lemarchand via dovecot <dovecot@dovecot.org> > wrote: > > > Hello, > > On version 2.3.20 (80a5ac675d), I have a problem with submission-login > when using GSSAPI auth : it's not working, probably due to AUTH line > being too long. > It appeared after I activated PAC on my Kerberos infrastructure. Now the > Kerberos tickets contains MS-PAC data and are bigger. It's part of the > RFC and is a valid use case : > https://datatracker.ietf.org/doc/html/rfc4120#section-5.2.6 > > Logs : > > > My guess is that it's due to > https://github.com/dovecot/core/blob/main/src/lib-smtp/smtp-common.h#L10 > being too low (is it configurable ?), but I didn't read the code thoroughly. > Red Hat IDM now activates MS-PAC by default, so any installation based > on IDM (or FreeIPA) may have the same problem. > What's your opinion ? Bug ? > > Mail sent using password auth :'( > > -- > Thomas Lemarchand > >
Hi! This is an RFC limitation. SASL-IR may not exceed 998 bytes including AUTH GSSAPI and \r\n. If the SASL-IR exceeds this, then the client must use interactive SASL. Aki _______________________________________________ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
