Digging into a problem
Matthias Wimmer
m at tthias.eu
Mon Jul 2 19:11:15 EDT 2012
Hi Alexey,

Alexey Melnikov wrote on 2012-07-02 11:33:20:
> >I am currently digging into a problem I have with cyrus sasl since I
> >upgraded from Ubuntu 11.10 to 12.04.
>
> Which version of SASL is used by Ubuntu 12.04?

Ubuntu 12.04 has Cyrus SASL 2.1.25 - and it seems the same packages are
used as currently in Debian testing.

> What does your program do (or more specifically, how does it use
> libsasl)? In general, SASL plugins like DIGEST-MD5 can request both
> cleartext attribute (userPassword) and a non cleartext one, but
> should work if either one of them is present. Hopefully the same
> applies to your program.

At the start:

    sasl_server_init(<list of callbacks>, "jadc2s")
    => I get SASL_OK

my list of callbacks has three elements:
- SASL_CB_CANON_USER
- SASL_CB_PROXY_POLICY
- SASL_CB_LIST_END

/usr/lib/sasl2/jadc2s.conf contains:

    log_level: 7
    mech_list: DIGEST-MD5
    sql_engine: pgsql
    sql_hostnames: breg.amessage.eu
    sql_user: sasl
    sql_passwd: XXXXXXXX
    sql_database: sasl
    sql_select: SELECT password FROM system_users WHERE username='%u' AND realm='%r'

the last line had been:

    sql_select: SELECT password FROM system_users WHERE '%p'='userPassword' AND username='%u' AND realm='%r'

For any connection, I set:

    sasl_server_new("xmpp", <default domain of server>, <default domain of server>, <ip>, <ip>, NULL, 0, &sasl_conn);
    sasl_setprop(..., SASL_SEC_PROPS, ...);
        min_ssf: 0
        max_ssf: -1
        maxbufsize: 1024
        property_names: NULL
        property_values: NULL
        security_flags: SASL_SEC_NOANONYMOUS
    sasl_setprop(..., SASL_DEFUSERREALM, <domain of the client>);
    sasl_setprop(..., SASL_SSF_EXTERNAL, <value from GnuTLS>);

I request:

    sasl_listmech(...)

Authentication is done using (client can send initial data):

    sasl_server_start(...)
    sasl_server_step(...)

After authentication I would do:

    sasl_getprop(..., SASL_MAXOUTBUF, ...);
    sasl_getprop(..., SASL_USERNAME, ...);

> >Instead
> >it tries to read /etc/sasldb2 (which is not used in my setup).
>
> You have SASLDB auxprop plugin installed and enabled. If you don't
> want to use it, you should disable it.

that's "auxprop_plugin: sql", right?

Matthias
--
Matthias Wimmer USt-IdNr. DE244176643
Contact details: http://matthias.wimmer.tel/
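
Added example (not part of the original message and not code from the Cyrus SASL project): a small checker for a jadc2s.conf-style file that flags the two points discussed in this thread, an unset auxprop_plugin and a sql_select without %p, and shows how the older sql_select expands per requested property. The sample user, realm and the second property name are made up, and the %u/%r/%p substitution is a simplified model of what the sql auxprop plugin does.

```python
import re

# Constructed sample, modelled on the jadc2s.conf quoted in the message.
SAMPLE_CONF = """\
log_level: 7
mech_list: DIGEST-MD5
sql_engine: pgsql
sql_select: SELECT password FROM system_users WHERE username='%u' AND realm='%r'
"""
OLD_SELECT = ("SELECT password FROM system_users WHERE '%p'='userPassword' "
              "AND username='%u' AND realm='%r'")

def parse_conf(text):
    """Parse Cyrus SASL 'key: value' option lines; '#' lines are comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        opts[key.strip()] = value.strip()
    return opts

def expand(template, user, realm, prop):
    """Substitute %u/%r/%p. Simplified: quotes are doubled here, whereas the
    real plugin escapes values with the database engine's own routine."""
    values = {"u": user, "r": realm, "p": prop}
    return re.sub(r"%([urp])",
                  lambda m: values[m.group(1)].replace("'", "''"), template)

def lint(opts):
    """Return findings relevant to the symptoms discussed in the thread."""
    findings = []
    if "auxprop_plugin" not in opts:
        findings.append("auxprop_plugin unset: all installed auxprop plugins "
                        "are consulted (sasldb too, if installed)")
    elif "sql" not in opts["auxprop_plugin"].split():
        findings.append("auxprop_plugin does not list sql: sql_* options unused")
    if "%p" not in opts.get("sql_select", ""):
        findings.append("sql_select has no %p: the query ignores which "
                        "property was requested")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_conf(SAMPLE_CONF)):
        print("finding:", finding)
    # Second property name is hypothetical, standing in for a non-cleartext one.
    for prop in ("userPassword", "exampleOtherProperty"):
        print(expand(OLD_SELECT, "alice", "example.org", prop))
```

With the older sql_select, the expanded WHERE clause is always true for userPassword and always false for any other property name, so only the cleartext property lookup returns a row.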