> On 31/05/2023 12:00 EEST Thomas Lemarchand via dovecot <dovecot@dovecot.org> 
> wrote:
> 
>  
> Hi !
> 
> Are you saying I should open a bug report for Thunderbird developers ?
> I did not find a reference to a 998 bytes limit, do you have something I 
> can refer to ?
> 
> Thank you.
> -- 
> Thomas Lemarchand
> 
> On 5/30/23 20:35, Aki Tuomi via dovecot wrote:
> >> On 30/05/2023 20:54 EEST Thomas Lemarchand via dovecot 
> >> <dovecot@dovecot.org> wrote:
> >>
> >>   
> >> Hello,
> >>
> >> On version 2.3.20 (80a5ac675d), I have a problem with submission-login
> >> when using GSSAPI auth : it's not working, probably due to AUTH line
> >> being too long.
> >> It appeared after I activated PAC on my Kerberos infrastructure. Now the
> >> Kerberos tickets contain MS-PAC data and are bigger. It's part of the
> >> RFC and is a valid use case :
> >> https://datatracker.ietf.org/doc/html/rfc4120#section-5.2.6
> >>
> >> Logs :
> >>
> >>
> >> My guess is that it's due to
> >> https://github.com/dovecot/core/blob/main/src/lib-smtp/smtp-common.h#L10
> >> being too low (is it configurable ?), but I didn't read the code 
> >> thoroughly.
> >> Red Hat IDM now activates MS-PAC by default, so any installation based
> >> on IDM (or FreeIPA) may have the same problem.
> >> What's your opinion ? Bug ?
> >>
> >> Mail sent using password auth :'(
> >>
> >> -- 
> >> Thomas Lemarchand
> >>
> >>
> > Hi!
> >
> > This is an RFC limitation. SASL-IR may not exceed 998 bytes including AUTH 
> > GSSAPI and \r\n.
> >
> > If the SASL-IR exceeds this, then the client must use interactive SASL.
> >
> > Aki
> > _______________________________________________
> > dovecot mailing list -- dovecot@dovecot.org
> > To unsubscribe send an email to dovecot-le...@dovecot.org
> >
> 

Please see https://datatracker.ietf.org/doc/html/rfc4954#section-4

"Note that the AUTH command is still subject to the line length limitations 
defined in [SMTP].  If use of the initial response argument would cause the 
AUTH command to exceed this length, the client MUST NOT use the initial 
response parameter (and instead proceed as defined in Section 5.1 of [SASL])."

Aki
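The rule quoted above from RFC 4954 section 4, sketched as a client-side check (an added example, not part of the original thread and not Dovecot or Thunderbird code): send the initial response only if the whole AUTH line fits, otherwise send a bare AUTH and deliver the token after the server's 334 reply. The function names are hypothetical, the 998-byte figure is the one given in the thread, and the token sizes are constructed.

```python
import base64

CRLF = b"\r\n"
# Figure from the thread: the whole line, counting "AUTH GSSAPI" and CRLF.
AUTH_LINE_LIMIT = 998


def max_initial_response_bytes(mechanism, limit=AUTH_LINE_LIMIT):
    """Largest raw SASL token whose base64 form still fits on the AUTH line."""
    room = limit - len(b"AUTH " + mechanism.encode("ascii") + b" ") - len(CRLF)
    return max(room, 0) // 4 * 3  # base64 turns 3 raw bytes into 4 characters


def build_auth_exchange(mechanism, token, limit=AUTH_LINE_LIMIT):
    """Return (uses_initial_response, client_lines) for one AUTH attempt.

    With an initial response the client sends a single line. Without it the
    client sends a bare AUTH, waits for the server's "334 " reply, and only
    then sends the base64 token as its own line.
    """
    mech = mechanism.encode("ascii")
    # RFC 4954: a zero-length initial response is written as a single "=".
    encoded = base64.b64encode(token) or b"="
    with_ir = b"AUTH " + mech + b" " + encoded + CRLF
    if len(with_ir) <= limit:
        return True, [with_ir]
    # Too long for one command line: the client MUST NOT use the initial
    # response and falls back to the interactive exchange.
    return False, [b"AUTH " + mech + CRLF, encoded + CRLF]


if __name__ == "__main__":
    # Constructed token sizes standing in for a ticket without and with PAC data.
    for label, size in (("small token", 600), ("large token", 1800)):
        uses_ir, lines = build_auth_exchange("GSSAPI", b"\x00" * size)
        print(label, size, "bytes ->",
              "initial response" if uses_ir else "interactive SASL",
              [len(line) for line in lines])
    print("largest GSSAPI token that fits:", max_initial_response_bytes("GSSAPI"))
```
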
