Bug 984617 - GSSAPI login method in cyrus-sasl no longer works after upgrade to F19
GSSAPI login method in cyrus-sasl no longer works after upgrade to F19
Status: CLOSED DUPLICATE of bug 984079
Product: Fedora
Classification: Fedora
Component: cyrus-sasl (Show other bugs)
19
x86_64 Linux
unspecified Severity medium
: ---
: ---
Assigned To: Petr Lautrbach
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-15 10:40 EDT by Austin Murphy
Modified: 2013-07-22 11:34 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-07-22 11:34:29 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Austin Murphy 2013-07-15 10:40:59 EDT
Description of problem:
I upgraded from Fedora 18 to 19 using fedup.  Afterwards Pidgin was not able to connect to my organization's jabber server using my kerberos credentials.  It gave the following error.

SASL error: SASL(-1): generic failure: GSSAPI Error: A required input parameter could not be read (Unknown error)


Version-Release number of selected component (if applicable):
cyrus-sasl-gssapi.x86_64         2.1.26-9.fc19
pidgin.x86_64                    2.10.7-3.fc19
krb5-workstation.x86_64          1.11.3-2.fc19


How reproducible:
Consistently fails. 

Steps to Reproduce:
1. Setup jabber with a kerberized jabber server using Fedora 18 and pidgin.
2. Upgrade to Fedora 19.


Actual results:
Failed to login to Jabber account using kerb creds (via cyrus-sasl GSSAPI method).

Expected results:
Login to jabber account using kerb creds.

Additional info:

(09:42:02) jabber: Sending (ssl) (amur@upenn.edu/Pidgin): <stream:stream to='upenn.edu' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(09:42:02) jabber: Recv (ssl)(482): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="upenn.edu" id="f82bc1d6" xml:lang="en" version="1.0"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>GSSAPI</mechanism><mechanism>PLAIN</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/></stream:features>
(09:42:02) sasl: Mechs found: GSSAPI PLAIN
(09:42:02) jabber: Sending (ssl) (amur@upenn.edu/Pidgin): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='GSSAPI' xmlns:ga='http://www.google.com/talk/protocol/auth' ga:client-uses-full-bind-result='true'>password removed</auth>
(09:42:02) jabber: Recv (ssl)(65): <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">=</challenge>
(09:42:02) sasl: GSSAPI Error: A required input parameter could not be read (Unknown error)
(09:42:02) jabber: Error is -1 : SASL(-1): generic failure: GSSAPI Error: A required input parameter could not be read (Unknown error)
(09:42:02) connection: Connection error on 0x14bae30 (reason: 3 description: SASL error: SASL(-1): generic failure: GSSAPI Error: A required input parameter could not be read (Unknown error))

F18 seems to have used cyrus-sasl-2.1.23-36.fc18. 

When I delete my kerb creds, I am able to login using the PLAIN method.
Comment 1 Austin Murphy 2013-07-22 11:34:29 EDT
This is likely to be a duplicate of BUG 984079.
 https://bugzilla.redhat.com/show_bug.cgi?id=984079

Additional info:

I reproduced the same error message "SASL(-1): generic failure: GSSAPI Error: A required input parameter could not be read (Unknown error)"  in a different app linked to the F19 version of sasl. 

The steps to reproduce seem to be to just try to use cyrus-sasl-gssapi with any app and an older version of sasl or gssapi on the other end.

*** This bug has been marked as a duplicate of bug 984079 ***

Note You need to log in before you can comment on or make changes to this bug.