auks cred: input buffer is too large

[robberteggermont]

Using the latest auks from github, "auks -a" gives me the "auks cred: input buffer is too large" (AUKS_ERROR_CRED_INIT_BUFFER_TOO_LARGE) error.

It seems my ticket length is 2077 bytes while AUKS_CRED_DATA_MAX_LENGTH is defined as 2048.

I tried upping AUKS_CRED_DATA_MAX_LENGTH to 3072, and that seems to make things work, but I would like to make sure this won't break anything else. Also, what would be a sensible value here?

diff -urN auks-0.4.3.1427832275.31aadac/src/api/auks/auks_cred.h auks-0.4.3/src/api/auks/auks_cred.h
--- auks-0.4.3.1427832275.31aadac/src/api/auks/auks_cred.h  2015-06-14 15:00:27.000000000 +0200
+++ auks-0.4.3_patched/src/api/auks/auks_cred.h 2015-06-14 15:08:25.983836640 +0200
@@ -84,7 +84,7 @@
 #define AUKS_CRED_INVALID_TIME       0
 #define AUKS_CRED_FILE_MAX_LENGTH  128

-#define AUKS_CRED_DATA_MAX_LENGTH 2048
+#define AUKS_CRED_DATA_MAX_LENGTH 3072

 typedef struct auks_cred_info {
    char principal[AUKS_PRINCIPAL_MAX_LENGTH + 1];

[hautreux]

As long as both auks clients/servers use the same length, it will work. The 2048 was sufficient to store a single tgtbwith medium sized principals/realms with current enctype at the time of writing, it might be better to increase that to 3072/4096 now. I 'll keep that in mind for future releases. Thanks.

[jmkekala]

Hey,

Just bringing this up. I had the exactly the same issue with CentOS 7.3. Increasing AUKS_CRED_DATA_MAX_LENGTH to 4096 fixed the issue.