Re: plain authentication fails if userid and authid differ


 



On 12/22/13 21:41 +0100, Christian Schwamborn wrote:
I recently tried to upgrade the first of my mail systems from Debian squeeze to wheezy and discovered that something within sasl was broken. I tracked down the problem to bug-id 3590, patched the sasl libs (2.1.25 in wheezy) and it seemed to work. But before I'm going to continue: Meanwhile I spent some time to rebuild the current sasl release 2.1.26 and all its dependencies but my problem remains.

When doing a "plain" authentication in a setup using saslauthd without configured auxprop modules (as described in https://bugzilla.cyrusimap.org/show_bug.cgi?id=3590) everything is fine as long as userid and authid are the same:

imtest -u test -a test -w Password -v -m plain 127.0.0.1
works just fine.

But if userid and authid differ, sasl will behave similarly to before the patch. All this worked fine with sasl 2.1.23 (which was in squeeze). Did something change in the configuration or is there still a bug somewhere?

The base64 encoded string is:
"test\0cyrus\0Password"

Does 'cyrus' exist as an admin or proxyservers in imapd.conf? Is 'test' an
admin? I recall there being some issue there. Security wise, you should be
using an identity from your proxyservers entry rather than an admin.

telnet localhost 4190
Trying ::1...
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.4.16-Debian-2.4.16-4+deb7u1"
"SASL" "PLAIN LOGIN"
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
"STARTTLS"
"UNAUTHENTICATE"
OK
AUTHENTICATE "PLAIN" {28+}
dGVzdABjeXJ1cwBQYXNzd29yZA=='

Is the trailing ' a typo?

NO "Authentication Error"

syslog:
Dec 21 22:32:40 ourea cyrus/master[17707]: about to exec /usr/lib/cyrus/bin/timsieved
Dec 21 22:32:40 ourea cyrus/sieve[17707]: executed
Dec 21 22:32:40 ourea cyrus/sieve[17707]: accepted connection
Dec 21 22:32:40 ourea cyrus/sieve[17707]: badlogin: localhost[127.0.0.1] PLAIN no mechanism available

That looks like a bug, since PLAIN was advertised in the banner. Perhaps
the trailing single quote is a problem.

Try using sivtest instead.

doing the same with:
"test\0test\0Password"
-->
AUTHENTICATE "PLAIN" {24+}
dGVzdAB0ZXN0AFBhc3N3b3Jk
will work

--
Dan White
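
Added example, not part of the original message and not Cyrus code: a decoder for the two AUTHENTICATE lines quoted above, using the RFC 4616 PLAIN layout (authorization identity, NUL, authentication identity, NUL, password), plus a check of what falls outside the declared {N+} literal length. The names parse_plain and split_literal are hypothetical helpers chosen for this sketch.

```python
import base64
import binascii
from typing import NamedTuple, Tuple


class PlainCredentials(NamedTuple):
    authzid: str  # authorization identity (may be empty)
    authcid: str  # authentication identity, whose password is verified
    passwd: str


def parse_plain(b64: str) -> PlainCredentials:
    """Decode a base64 SASL PLAIN response: [authzid] NUL authcid NUL passwd."""
    try:
        raw = base64.b64decode(b64, validate=True)  # reject stray characters
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from None
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError(f"expected 2 NUL separators, found {len(parts) - 1}")
    try:
        authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    except UnicodeDecodeError:
        raise ValueError("fields must be UTF-8") from None
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must not be empty")
    return PlainCredentials(authzid, authcid, passwd)


def split_literal(declared: int, typed: str) -> Tuple[str, str]:
    """Split a typed line into the {declared+} literal and whatever follows it."""
    octets = typed.encode("utf-8")
    if len(octets) < declared:
        raise ValueError(f"literal declares {declared} octets, got {len(octets)}")
    return octets[:declared].decode("utf-8"), octets[declared:].decode("utf-8")


if __name__ == "__main__":
    # The two AUTHENTICATE lines exactly as quoted in the message above.
    for declared, typed in [(28, "dGVzdABjeXJ1cwBQYXNzd29yZA=='"),
                            (24, "dGVzdAB0ZXN0AFBhc3N3b3Jk")]:
        literal, extra = split_literal(declared, typed)
        creds = parse_plain(literal)
        print(f"{{{declared}+}} authzid={creds.authzid!r} authcid={creds.authcid!r} "
              f"extra octets after literal={extra!r}")
```

Both declared lengths match their base64 strings, so the single quote in the first line is one octet beyond the 28-octet literal; passing the whole typed line to parse_plain raises ValueError.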



