GS2-SXOVER-PLUS breaks with installed package libsasl2-modules-gssapi-mit
With libsasl2-modules-gssapi-mit installed, the SXOVER breaks down, presumably on the generic GS2-* support.
One message we've seen is wrap_diameterd: Error: client incorrectly assumed server had no channel binding
that occurs in sasl_server_step
presumably because the channel binding was set to _WANT
in the generic gs2_server_mech_step
. Note that SCRAM
would set to _USED
in its scram_server_mech_step2
procedure (but that may be a later message, not sure).
We are destined to remove the GS2-
prefix because we want establish end-to-end secrets, as those are meaningful during Realm Crossover. Therefore, this problem may go away when we do. For now, a "fix" is to remove the said package.