Actually, let me do some testing of my own with Apple Contacts and see if I can replicate the problem. On 07/24/2014 10:57 AM, Johan Hattne wrote: > What format would you like that in (and how do I produce that)? > >> On Jul 24, 2014, at 10:48, Ken Murchison <murch@xxxxxxxxxxxxxx> wrote: >> >> I would probably have to see the protocol exchange to in order to understand what is happening. >> >> >>> On 07/23/2014 06:59 PM, Johan Hattne wrote: >>> Thanks Ken, I’ll keep that in mind. In this particular case (and with your earlier patch applied) it appears that http_auth() in cyrus-imap’s httpd.c returns SASL_CONTINUE. The comment around line 3272 says “Need another step to complete authentication”, but the caller (response_header(), line ~2270) appears not to invoke that other step. >>> >>> I tested this by calling http_auth() again if it returns SASL_CONTINUE, and that authenticated me. >>> >>> // Johan >>> >>> >>>> On Jul 23, 2014, at 13:30, Ken Murchison <murch@xxxxxxxxxxxxxx> wrote: >>>> >>>> I had issues with the Apple clients and Digest. Unless you really need Digest, I'd recommend using TLS + Basic. >>>> >>>> >>>> >>>>> On 07/23/2014 01:27 PM, Johan Hattne wrote: >>>>> Hi Ken; >>>>> >>>>> That fixes the crash but results in a “401 Unauthorized”. I’ll look into that a bit more at the next opportunity. >>>>> >>>>> This is using Contacts (8.0 1371) on an up-to-date OS X 10.9.4. It also works on the iPhone (iOS 7.1.2). >>>>> >>>>> // Johan >>>>> >>>>> >>>>>> On Jul 23, 2014, at 10:55, Ken Murchison <murch@xxxxxxxxxxxxxx> wrote: >>>>>> >>>>>> Hi Johan, >>>>>> >>>>>> I believe this issue is fixed by the following commit: http://git.cyrusimap.org/cyrus-sasl/commit/?id=76ce885a44e7cb511ba54ceae46349036abb9cc8 >>>>>> >>>>>> BTW, which CardDAV client is using Digest? >>>>>> >>>>>> >>>>>>> On 07/22/2014 01:48 PM, Johan Hattne wrote: >>>>>>> While PLAIN authentication works fine, I had the https daemon crash during DIGEST-MD5 authentication. The crash turned out to be a divide error in libdigestmd5 from cyrus-sasl. In particular (in cyrus-sasl’s plugins/digestmd5.c): >>>>>>> >>>>>>> /* Create an initial cache entry for non-persistent HTTP connections */ >>>>>>> unsigned val = hash((char *) nonce) % text->reauth->size; >>>>>>> >>>>>>> would fail due to text->reauth->size being zero. If I’m reading this correctly, this appears to be the effect of initializing the plugin (as done in digestmd5_server_plug_init(), defined in same file as the snippet above) with an undefined reauth_timeout. And indeed, adding "sasl_reauth_timeout: 10” to /etc/imapd.conf makes the crash go away. >>>>>>> >>>>>>> I didn’t expect a configuration without reauth_timeout to crash imapd, but I haven’t done enough research to be sure, nor to tell where the problem lies should this be a real issue. Any further insight is greatly appreciated! >>>>>>> >>>>>>> // Cheers; Johan >>>>>>> >>>>>>> ---- >>>>>>> Cyrus Home Page: http://www.cyrusimap.org/ >>>>>>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >>>>>>> To Unsubscribe: >>>>>>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus >>>>>> -- >>>>>> Kenneth Murchison >>>>>> Principal Systems Software Engineer >>>>>> Carnegie Mellon University >>>> -- >>>> Kenneth Murchison >>>> Principal Systems Software Engineer >>>> Carnegie Mellon University >> >> -- >> Kenneth Murchison >> Principal Systems Software Engineer >> Carnegie Mellon University >> -- Kenneth Murchison Principal Systems Software Engineer Carnegie Mellon University ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
