Bug 984617 - GSSAPI login method in cyrus-sasl no longer works after upgrade to F19
Summary: GSSAPI login method in cyrus-sasl no longer works after upgrade to F19
Keywords:
Status: CLOSED DUPLICATE of bug 984079
Alias: None
Product: Fedora
Classification: Fedora
Component: cyrus-sasl
Version: 19
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Petr Lautrbach
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-07-15 14:40 UTC by Austin Murphy
Modified: 2013-07-22 15:34 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-07-22 15:34:29 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Austin Murphy 2013-07-15 14:40:59 UTC 
Description of problem:
I upgraded from Fedora 18 to 19 using fedup.  Afterwards Pidgin was not able to connect to my organization's jabber server using my kerberos credentials.  It gave the following error.

SASL error: SASL(-1): generic failure: GSSAPI Error: A required input parameter could not be read (Unknown error)


Version-Release number of selected component (if applicable):
cyrus-sasl-gssapi.x86_64         2.1.26-9.fc19
pidgin.x86_64                    2.10.7-3.fc19
krb5-workstation.x86_64          1.11.3-2.fc19


How reproducible:
Consistently fails. 

Steps to Reproduce:
1. Setup jabber with a kerberized jabber server using Fedora 18 and pidgin.
2. Upgrade to Fedora 19.


Actual results:
Failed to login to Jabber account using kerb creds (via cyrus-sasl GSSAPI method).

Expected results:
Login to jabber account using kerb creds.

Additional info:

(09:42:02) jabber: Sending (ssl) (amur/Pidgin): <stream:stream to='upenn.edu' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(09:42:02) jabber: Recv (ssl)(482): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="upenn.edu" id="f82bc1d6" xml:lang="en" version="1.0"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>GSSAPI</mechanism><mechanism>PLAIN</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/></stream:features>
(09:42:02) sasl: Mechs found: GSSAPI PLAIN
(09:42:02) jabber: Sending (ssl) (amur/Pidgin): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='GSSAPI' xmlns:ga='http://www.google.com/talk/protocol/auth' ga:client-uses-full-bind-result='true'>password removed</auth>
(09:42:02) jabber: Recv (ssl)(65): <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">=</challenge>
(09:42:02) sasl: GSSAPI Error: A required input parameter could not be read (Unknown error)
(09:42:02) jabber: Error is -1 : SASL(-1): generic failure: GSSAPI Error: A required input parameter could not be read (Unknown error)
(09:42:02) connection: Connection error on 0x14bae30 (reason: 3 description: SASL error: SASL(-1): generic failure: GSSAPI Error: A required input parameter could not be read (Unknown error))

F18 seems to have used cyrus-sasl-2.1.23-36.fc18. 

When I delete my kerb creds, I am able to login using the PLAIN method.
Comment 1 Austin Murphy 2013-07-22 15:34:29 UTC 
This is likely to be a duplicate of BUG 984079.
 https://bugzilla.redhat.com/show_bug.cgi?id=984079

Additional info:

I reproduced the same error message "SASL(-1): generic failure: GSSAPI Error: A required input parameter could not be read (Unknown error)"  in a different app linked to the F19 version of sasl. 

The steps to reproduce seem to be to just try to use cyrus-sasl-gssapi with any app and an older version of sasl or gssapi on the other end.

*** This bug has been marked as a duplicate of bug 984079 ***
Note You need to log in before you can comment on or make changes to this bug.