Hi Amir,
On 13/10/2012 02:55, Amir 'CG' Caspi wrote:
> Speaking of more updates...
> This issue still hasn't been truly resolved:
> http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2011-April/002233.html
> Lorenzo Catucci released a couple of patches to deal with this but
> they were "rejected" by RHEL because they supposedly broke
> compatibility with other utilities. From reading the latest comments
> in the bug report
> (https://bugzilla.redhat.com/show_bug.cgi?id=683797), especially #16,
> it appears that this is because the patch causes saslauthd to hang up
> if it doesn't receive rhost info, which it wouldn't from utilities
> that haven't been modified to send it. Perhaps the patch could be
> rewritten so that saslauthd doesn't _expect_ rhost, but still allows
> it, so it won't hang up if not given that info.
> Some later comments (notably #20) remark that this is an issue
> with other auth schemes besides pam.

I can apply the older patch (for 1.5.X, possibly updated), but my
problem is that I can't really test it. If somebody is willing to try it
out, I can attempt to fix this issue.

> In any case, it would be awesome to have this updated at the
> source (here), and to have it work - right now, without rhost logging
> capability, DDoS banners like fail2ban can't use saslauthd info (at
> least not with pam).
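
Added example (not from this thread, the saslauthd sources or the patch discussed): a C parser that treats a trailing rhost field as optional, so a request from an unmodified client is still accepted instead of rejected. The wire layout (a 2-byte big-endian length before each of login, password, service and realm, then an optional rhost), the names `parse_auth_req`, `struct auth_req` and `FIELD_MAX`, and the premise that the whole request is already in a buffer are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define FIELD_MAX 256   /* assumed per-field limit for this example */

struct auth_req {
    char login[FIELD_MAX], password[FIELD_MAX], service[FIELD_MAX],
         realm[FIELD_MAX], rhost[FIELD_MAX];
    int has_rhost;      /* 1 only when the client actually sent rhost */
};

/* Read one counted string; -1 if truncated, oversized or containing a NUL. */
static int get_field(const uint8_t *buf, size_t len, size_t *off, char *out)
{
    if (len - *off < 2) return -1;
    size_t n = ((size_t)buf[*off] << 8) | buf[*off + 1];
    *off += 2;
    if (n >= FIELD_MAX || n > len - *off) return -1;
    if (memchr(buf + *off, 0, n) != NULL) return -1;
    memcpy(out, buf + *off, n);
    out[n] = '\0';
    *off += n;
    return 0;
}

/* Parse a fully received request; rhost is accepted but never required. */
int parse_auth_req(const uint8_t *buf, size_t len, struct auth_req *req)
{
    size_t off = 0;
    memset(req, 0, sizeof(*req));
    if (get_field(buf, len, &off, req->login) ||
        get_field(buf, len, &off, req->password) ||
        get_field(buf, len, &off, req->service) ||
        get_field(buf, len, &off, req->realm))
        return -1;
    if (off == len) return 0;          /* legacy client: no rhost, still valid */
    if (get_field(buf, len, &off, req->rhost) || off != len)
        return -1;                     /* extra bytes must be exactly one field */
    req->has_rhost = 1;
    return 0;
}

int main(void)
{
    /* Constructed sample: bob / pw / imap / empty realm, no rhost field. */
    const uint8_t legacy[] = {0,3,'b','o','b', 0,2,'p','w', 0,4,'i','m','a','p', 0,0};
    struct auth_req r;
    int rc = parse_auth_req(legacy, sizeof legacy, &r);
    printf("rc=%d has_rhost=%d\n", rc, r.has_rhost);
}
```

A caller would log `rhost` only when `has_rhost` is set, so log consumers never see a value the client did not supply.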