On 04/15/15 21:10 +0000, Osipov, Michael wrote:
> Hi folks,
>
> I am binding against Active Directory with GSSAPI mech and would like to
> disable SASL integrity for debugging purposes with Wireshark. Unfortunately,
> this call fails:
>
> char *secprops = "minssf=0,maxssf=0";
> rc = ldap_set_option(ld, LDAP_OPT_X_SASL_SECPROPS, secprops);
>
> with:
>
> Diagnostic message: SASL(-1): generic failure: GSSAPI Error: A required input
> parameter could not be read (Unknown error)
> Result code: -2

This error is likely produced by your Kerberos library (whichever one Cyrus
is compiled against), or perhaps with the way the security properties are
passed down from OpenLDAP to Cyrus to Kerberos.

Setting a minssf should not be necessary. Do you also get this error with
"maxssf=0"? "maxssf=1" may be a more workable option, since encryption is
really what you want to turn off, not integrity.

--
Dan White
