Patch status
Alexey Melnikov
alexey.melnikov at isode.com
Tue Oct 16 13:26:50 EDT 2012
Hi Amir,
On 13/10/2012 02:55, Amir 'CG' Caspi wrote:
> Speaking of more updates...
>
> This issue still hasn't been truly resolved:
> http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2011-April/002233.html
>
> Lorenzo Catucci released a couple of patches to deal with this but
> they were "rejected" by RHEL because they supposedly broke
> compatibility with other utilities. From reading the latest comments
> in the bug report
> (https://bugzilla.redhat.com/show_bug.cgi?id=683797), especially #16,
> it appears that this is because the patch causes saslauthd to hang up
> if it doesn't receive rhost info, which it wouldn't from utilities
> that haven't been modified to send it. Perhaps the patch could be
> rewritten so that saslauthd doesn't _expect_ rhost, but still allows
> it, so it won't hang up if not given that info.
> Some later comments (notably #20) remark that this is an issue
> with other auth schemes besides pam.
I can apply the older patch (for 1.5.X, possibly updated), but my
problem is that I can't really test it. If somebody is willing to try it
out, I can attempt to fix this issue.
> In any case, it would be awesome to have this updated at the
> source (here), and to have it work - right now, without rhost logging
> capability, DDoS banners like fail2ban can't use saslauthd info (at
> least not with pam).
More information about the Cyrus-sasl
mailing list