Cyrus-sasl Digest, Vol 18, Issue 8

Andreas Winkelmann ml at awinkelmann.de
Fri Jan 5 18:01:22 EST 2007


On Friday 05 January 2007 23:45, Tiron Adrian wrote:

> Yeah,i'm such an idiot sometimes....i had only removed the extention....now
> it's completely fixed.
>
> Anyway I also got this in maillog
>
> n  6 00:29:56 localhost postfix/smtpd[3411]: match_list_match:
> localhost.localdomain: no match Jan  6 00:29:56 localhost
> postfix/smtpd[3411]: match_list_match: 127.0.0.1: no match Jan  6 00:29:56
> localhost postfix/smtpd[3411]: match_list_match: localhost.localdomain: no
> match Jan  6 00:29:56 localhost postfix/smtpd[3411]: match_list_match:
> 127.0.0.1: no match Jan  6 00:29:56 localhost postfix/smtpd[3411]:
> match_hostname: localhost.localdomain ~? 127.0.0.1/32 Jan  6 00:29:56
> localhost postfix/smtpd[3411]: match_hostaddr: 127.0.0.1 ~? 127.0.0.1/32
>
> and this from saslauthd :
> saslauthd[3491] :get_accept_lock : acquired accept lock
> saslauthd[3491] :rel_accept_lock : released accept lock
> saslauthd[3491] :do_auth         : auth failure: [user=XXXXXX]
> [service=smtp] [realm=] [mech=shadow] [reason=Unknown] saslauthd[3491]
> :do_request      : response: NO
>
> Where you see user=XXXXX instead of XXXXX it actually prints my password
> instead of the user i've tried to authenticate with!!!!!
>
> This is what i've used to calculate the encoding:
>
> perl -MMIME::Base64 -e  'print
> encode_base64("username\0password\0passwordi");'
>
> Now when i've reversed username with the password like this
> perl -MMIME::Base64 -e  'print
> encode_base64("password\0username\0username");' saslauthd reports me
> correctly the user instead of the XXXXX  and not the password.

The correct form is "username\0username\0password". The first Username should 
be equal to the second with Postfix. If you are unsure with that, you should 
use a real MUA to test that.

-- 
	Andreas


More information about the Cyrus-sasl mailing list