On Fri, Aug 12, 2016 at 12:57:27PM -0700, Robert Moulton wrote:
>
>
> Robert Moulton wrote on 8/12/16 12:14 PM:
> > Jakub Hrozek wrote on 8/12/16 12:59 AM:
> > > On Thu, Aug 11, 2016 at 03:08:35PM -0700, Robert Moulton wrote:
> > > > On a CentOS 6 system we recently implemented sssd auth against an AD
> > > > domain
> > > > (Samba 4 AD, specifically). The system messages log often shows
> > > > flurries of
> > > > these GSSAPI errors:
> > > >
> > > > sssd[be[notarealdomain.com]]: GSSAPI Error: Invalid token was supplied
> > > > (Token header is malformed or corrupt)
>
> Scanning system logs, I noticed that along with thes GSSAPI error messages,
> an error of this form occasionally shows up:
>
> sssd_be: encoded packet size too big (-1344597784 > 16777215)
This message (even though it's emitted here by the sssd_be process)
comes from the cyrus-sasl library that is used when authenticating with
GSSAPI.
I'm afraid I'm getting a bit out of my depth there. There was a
discussion between the sasl maintainer and another affected user here:
https://bugzilla.redhat.com/show_bug.cgi?id=1205878
maybe it would be useful to follow up there as well so that at least the
sasl maintainer knows this is affecting more users?
_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/admin/lists/[email protected]
