AUTH password problem.

Reko Turja reko.turja at liukuma.net
Fri May 16 08:14:13 EDT 2008


Does "password" work? I have a hunch that passwords are limited to a 
certain length, most
probably by the system itself and the extra characters from input are 
just discarded before
comparing the hashes.

-Reko

--------------------------------------------------
From: "Josep M." <websurfer at gamu.navegants.org>
Sent: Friday, May 16, 2008 1:34 PM
To: <cyrus-sasl at lists.andrew.cmu.edu>
Subject: AUTH password problem.

> Hello.
>
> I try the following:
>
> testsaslauthd -f /var/spool/postfix/var/run/saslauthd/mux -u test -p
> passwordgood           (pass OK) This is OK
> testsaslauthd -f /var/spool/postfix/var/run/saslauthd/mux -u test -p
> passwordgoodXXXXX      (pass OK) This should FAIL
>
> The password is "passwordgood" but "passwordgoodXXXXX" is accepted
> too!!!!!
>
> But....for example "passwoCCrdgood" is NOT accepted
>
>
> debianet:/home/krasher# cat /etc/default/saslauthd
> START=yes
> MECHANISMS="pam"
> MECH_OPTIONS=""
> THREADS=5
> OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
>
> debianet:/home/krasher# cat /usr/lib/sasl2/smtpd.conf
> pwcheck_method: saslauthd
> mech_list: LOGIN PLAIN
> log_level: 5
>
>
> debianet:/home/krasher/testing-smtp/new/commands/ff# cat 
> /etc/pam.d/smtp
> @include common-auth
> @include common-session
> @include common-account
> @include common-password
>
>
> I use debian etch, what more can I look? I don't have saslauthd.conf
> file in the computer
>
> Thanks in advance
> Josep
>
>
> 


More information about the Cyrus-sasl mailing list