strange login/password problem
Philippe Trolliet
philippe.trolliet at novatec-gmbh.de
Wed Aug 22 11:07:35 EDT 2007
hi,
i have a strange login problem on my mailserver and i don´t know what it is.
i assume that it has something to do with saslauthd.
here my problem:
this morning a user said that he can use 2 different passwords for his
account. he was using the horde webclient to login. horde itself is
configured to use imp (imap) for authentication.
he used the following 2 passwords:
keht77&0nme
keht77&0nba
first i thought that it has something to do with horde. so i created an imap
connection in outlook to test if this just works with horde. i used both
passwords for receiving (imap) and sending (smtp with authentication) mail.
both passwords worked fine.
now i think that it has something to do with saslauthd or the '&'-character
in the password. it doesn´t matter which characters follow the string
"keht77&0". it accepts everything. it has nothing to do with a maximum of 8
characters for passwords because my own is longer than 8 characters and i
have to supply the whole password string.
i also tried to change the password to "keht77&0nme" directly on the
database with phpmyadmin. but this didn´t change anything.
saslauthd is started with the -c option to cache user credentials because
the swap space on the mailserver went out auf space and so it crashed. it
uses pam to authenticate and pam itself is configured to search for the
login credentials in a mysql database.
i hope that i haven´t forgot anything and that anybody can help me.
regards
philippe
More information about the Cyrus-sasl
mailing list