On 12/22/13 21:41 +0100, Christian Schwamborn wrote:
> I recently tried to upgrade the first of my mail systems from Debian
> squeeze to wheezy and discovered that something within sasl was
> broken. I tracked down the problem to bug-id 3590, patched the sasl
> libs (2.1.25 in wheezy) and it seemed to work.
> But before I'm going to continue: Meanwhile I spent some time to
> rebuild the current sasl release 2.1.26 and all its dependencies but
> my problem remains.
> When doing a "plain" authentication in a setup using saslauthd
> without configured auxprop modules (as described in
> https://bugzilla.cyrusimap.org/show_bug.cgi?id=3590) everything is
> fine as long as userid and authid are the same:
> imtest -u test -a test -w Password -v -m plain 127.0.0.1
> works just fine.
> But if userid and authid differ, sasl will behave similarly to before
> the patch. All this worked fine with sasl 2.1.23 (which was in
> squeeze). Did something change in the configuration or is there
> still a bug somewhere?
> The base64 encoded string is:
> "test\0cyrus\0Password"

Does 'cyrus' exist as an admin or proxyservers in imapd.conf? Is 'test' an
admin? I recall there being some issue there. Security-wise, you should be
using an identity from your proxyservers entry rather than an admin.

> telnet localhost 4190
> Trying ::1...
> Connected to localhost.
> Escape character is '^]'.
> "IMPLEMENTATION" "Cyrus timsieved v2.4.16-Debian-2.4.16-4+deb7u1"
> "SASL" "PLAIN LOGIN"
> "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
> imapflags notify envelope relational regex subaddress copy"
> "STARTTLS"
> "UNAUTHENTICATE"
> OK
> AUTHENTICATE "PLAIN" {28+}
> dGVzdABjeXJ1cwBQYXNzd29yZA=='

Is the trailing ' a typo?

> NO "Authentication Error"
> syslog:
> Dec 21 22:32:40 ourea cyrus/master[17707]: about to exec
> /usr/lib/cyrus/bin/timsieved
> Dec 21 22:32:40 ourea cyrus/sieve[17707]: executed
> Dec 21 22:32:40 ourea cyrus/sieve[17707]: accepted connection
> Dec 21 22:32:40 ourea cyrus/sieve[17707]: badlogin:
> localhost[127.0.0.1] PLAIN no mechanism available

That looks like a bug, since PLAIN was advertised in the banner. Perhaps
the trailing single quote is a problem.
Try using sivtest instead.

> doing the same with:
> "test\0test\0Password"
> -->
> AUTHENTICATE "PLAIN" {24+}
> dGVzdAB0ZXN0AFBhc3N3b3Jk
> will work

--
Dan White
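
An added example, not part of the original thread or of Cyrus SASL: a small checker for a hand-typed SASL PLAIN response (RFC 4616 layout `[authzid] NUL authcid NUL passwd`), run against the two strings quoted above. The function name `decode_plain` and the `proxy_login` flag are assumptions made for this illustration.

```python
import base64
import binascii


def decode_plain(b64_text, literal_len=None):
    """Decode a base64 SASL PLAIN response: [authzid] NUL authcid NUL passwd.

    Returns (fields, problems); fields is None when the message is unusable.
    The password itself is never returned, only its length.
    """
    problems = []
    # The {N+} literal must match the number of octets actually sent.
    if literal_len is not None and len(b64_text) != literal_len:
        problems.append(
            f"literal announces {literal_len} octets, got {len(b64_text)}")
    try:
        raw = base64.b64decode(b64_text, validate=True)  # reject stray bytes
    except binascii.Error as exc:
        return None, problems + [f"invalid base64: {exc}"]
    parts = raw.split(b"\0")
    if len(parts) != 3:
        return None, problems + [
            f"expected 3 NUL-separated fields, got {len(parts)}"]
    authzid, authcid, passwd = (p.decode("utf-8", "replace") for p in parts)
    if not authcid:
        problems.append("empty authcid (authentication identity)")
    if not passwd:
        problems.append("empty password")
    fields = {
        "authzid": authzid,   # identity to act as (imtest -u)
        "authcid": authcid,   # identity whose password is checked (imtest -a)
        "password_len": len(passwd),
        # True when the login asks to act as a different user, which the
        # server must separately authorize (admins / proxyservers).
        "proxy_login": bool(authzid) and authzid != authcid,
    }
    return fields, problems


if __name__ == "__main__":
    # Strings copied from the thread above, with their announced literal sizes.
    samples = [
        ("dGVzdABjeXJ1cwBQYXNzd29yZA==", 28),
        ("dGVzdABjeXJ1cwBQYXNzd29yZA=='", 28),
        ("dGVzdAB0ZXN0AFBhc3N3b3Jk", 24),
    ]
    for text, size in samples:
        print(text, "->", decode_plain(text, size))
```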