Next release of CMU SASL - update

Pascal Gienger Pascal.Gienger at uni-konstanz.de
Thu Apr 9 04:19:30 EDT 2009


Alexey Melnikov schrieb:

> 1). Remove extra (unused) mutex in libsasl
> 2). Merge my utils/pluginviewer.c changes
> 3). Investigate global callback updating in subsequent sasl_server_init() calls
> 4). Commit SQLite3 configure change. Test SQLite3 plugin.
> 5). Remove use of obsolete cmusasl... attributes
> 6). Strip trailing spaces from options during server configuration loading
> 7). Investigate fix for bug # 2822 (OTP does not work with prompts)
> 8). Review patch for bug # 3134 (Improved error reporting from auth_getpwent)
> 9). MacOS dlopen.c change (+ the libtool change?)
> 10). Merge Debian bugfixes 

Is 5 really necessary?
There are quite some people who actually use cmusaslsecretDIGEST-MD5 to 
store secrets via ldap. If their hash database gets stolen they can 
change the realm (DIGEST-MD5!) and recompute all the hashes, making the 
stolen hashes useless.



More information about the Cyrus-sasl mailing list