Speaking of more updates...
This issue still hasn't been truly resolved:
http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2011-April/002233.html
Lorenzo Catucci released a couple of patches to deal with
this but they were "rejected" by RHEL because they supposedly broke
compatibility with other utilities. From reading the latest comments
in the bug report
(https://bugzilla.redhat.com/show_bug.cgi?id=683797), especially #16,
it appears that this is because the patch causes saslauthd to hang up
if it doesn't receive rhost info, which it wouldn't from utilities
that haven't been modified to send it. Perhaps the patch could be
rewritten so that saslauthd doesn't _expect_ rhost, but still allows
it, so it won't hang up if not given that info.
Some later comments (notably #20) remark that this is an
issue with other auth schemes besides pam.
In any case, it would be awesome to have this updated at the
source (here), and to have it work - right now, without rhost logging
capability, DDoS banners like fail2ban can't use saslauthd info (at
least not with pam).
Thanks!
--- Amir
At 10:57 AM -0700 10/12/2012, Howard Chu wrote:
Alexey Melnikov wrote:
On 09/10/2012 23:10, Howard Chu wrote:
Speaking of new releases, I'd like to see some feedback/movement on
these patches...
http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2012-March/002479.html
If you add/update makefiles, the process would be much quicker. (And if
you are not sure, ask).
http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2012-May/002490.html
This one is in GIT already.
Ah, I wasn't aware there was a git repo, I was still looking at CVS.
I'll sync up with git and provide Makefiles/etc for the MDB patch shortly.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
