Cyrus-sasl Digest, Vol 18, Issue 8
Tiron Adrian
tiron_adrian at yahoo.com
Fri Jan 5 17:45:00 EST 2007
Yeah,i'm such an idiot sometimes....i had only removed the extention....now it's completely fixed.
Anyway I also got this in maillog
n 6 00:29:56 localhost postfix/smtpd[3411]: match_list_match: localhost.localdomain: no match
Jan 6 00:29:56 localhost postfix/smtpd[3411]: match_list_match: 127.0.0.1: no match
Jan 6 00:29:56 localhost postfix/smtpd[3411]: match_list_match: localhost.localdomain: no match
Jan 6 00:29:56 localhost postfix/smtpd[3411]: match_list_match: 127.0.0.1: no match
Jan 6 00:29:56 localhost postfix/smtpd[3411]: match_hostname: localhost.localdomain ~? 127.0.0.1/32
Jan 6 00:29:56 localhost postfix/smtpd[3411]: match_hostaddr: 127.0.0.1 ~? 127.0.0.1/32
and this from saslauthd :
saslauthd[3491] :get_accept_lock : acquired accept lock
saslauthd[3491] :rel_accept_lock : released accept lock
saslauthd[3491] :do_auth : auth failure: [user=XXXXXX] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
saslauthd[3491] :do_request : response: NO
Where you see user=XXXXX instead of XXXXX it actually prints my password instead of the user i've tried to authenticate with!!!!!
This is what i've used to calculate the encoding:
perl -MMIME::Base64 -e 'print encode_base64("username\0password\0passwordi");'
Now when i've reversed username with the password like this
perl -MMIME::Base64 -e 'print encode_base64("password\0username\0username");'
saslauthd reports me correctly the user instead of the XXXXX and not the password.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the Cyrus-sasl
mailing list