cyrus chokes after few logins

Sebastian Hagedorn Hagedorn at uni-koeln.de
Sat Oct 14 16:55:07 EDT 2006


--On 14. Oktober 2006 16:38:05 +0200 "Martin G.H. Minkler" 
<minkler at artegic.de> wrote:

> Solved!

Glad to hear it.

> It was the low entropy of /dev/random - after disallowing APOP everything
> is just fine. Apparently the default for APOP is _enabled_ - to turn it
> off it needs to be explicitly set to allowapop: no.

That's what I wrote yesterday ...

> Manpage doesn't state
> that either ~:-/

It sure does!

       allowapop: 1
            Allow use of the POP3 APOP authentication command.

       Note that this command requires that SASL is compiled  with  APOP 
sup-
       port,  that  the  plaintext  passwords  are available in a SASL 
auxprop
       backend (eg. sasldb), and that the system can  provide  enough 
entropy
       (eg. from /dev/urandom) to create a challenge in the banner.

The "1" indicates that it's on by default ... this is version 2.2.12.

--On 14. Oktober 2006 16:40:31 +0200 "Martin G.H. Minkler" 
<minkler at artegic.de> wrote:

> Sebastian Hagedorn schrieb:
>
>>> Just checked again - if I was to enable APOP, how could I set the random
>>> source for sasl?
>>
>> You have to specify the source prior to compilation with "configure":
>>
>> --with-devrandom=PATH   set the path to /dev/random [/dev/random]
>
> Any way to achieve the same effect with debian packages?

You need to ask the Debian people for that.

> A startup option maybe?

Hardly.
-- 
     .:.Sebastian Hagedorn - RZKR-R1 (Gebäude 52), Zimmer 18.:.
Zentrum für angewandte Informatik - Universitätsweiter Service RRZK
.:.Universität zu Köln / Cologne University - Tel. +49-221-478-5587.:.
                   .:.:.:.Skype: shagedorn.:.:.:.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : https://lists.andrew.cmu.edu/mailman/private/cyrus-sasl/attachments/20061014/9861fb31/attachment.bin


More information about the Cyrus-sasl mailing list