plain authentication fails if userid and authid differ
Christian Schwamborn
list at rechnerpool.com
Sun Dec 22 15:41:00 EST 2013
Hello list,
I recently tried to upgrade the first of my mail systems from debian
squeeze to wheezy and discovered that something within sasl was broken.
I tracked down the problem to bug-id 3590, patched the sasl libs (2.1.25
in wheezy) and it seemed to work.
But before I'm going to continue: Meanwhile I spent some time to rebuild
the current sasl release 2.1.26 and all its dependencies but my problem
remains.
When doing a "plain" authentication in a setup using saslauthd without
configured auxprop modules (as described in
https://bugzilla.cyrusimap.org/show_bug.cgi?id=3590) everything is fine
as long as userid and authid are the same:
imtest -u test -a test -w Password -v -m plain 127.0.0.1
works just fine.
But if userid and authid differ, sasl will behave similarly to before the
patch. All this worked fine with sasl 2.1.23 (which was in squeeze).
Did something change in the configuration or is there still a bug
somewhere?
The base64 encoded string is:
"test\0cyrus\0Password"
telnet localhost 4190
Trying ::1...
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.4.16-Debian-2.4.16-4+deb7u1"
"SASL" "PLAIN LOGIN"
"SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags
notify envelope relational regex subaddress copy"
"STARTTLS"
"UNAUTHENTICATE"
OK
AUTHENTICATE "PLAIN" {28+}
dGVzdABjeXJ1cwBQYXNzd29yZA=='
NO "Authentication Error"
syslog:
Dec 21 22:32:40 ourea cyrus/master[17707]: about to exec
/usr/lib/cyrus/bin/timsieved
Dec 21 22:32:40 ourea cyrus/sieve[17707]: executed
Dec 21 22:32:40 ourea cyrus/sieve[17707]: accepted connection
Dec 21 22:32:40 ourea cyrus/sieve[17707]: badlogin: localhost[127.0.0.1]
PLAIN no mechanism available
doing the same with:
"test\0test\0Password"
-->
AUTHENTICATE "PLAIN" {24+}
dGVzdAB0ZXN0AFBhc3N3b3Jk
will work
I hope you can help, since the whole ubuntu community uses, as a
workaround, a revert to 2.1.23 and that's an ugly hack and not applicable
to debian wheezy unless one spends a lot of time figuring out why it
doesn't build.
Best regards,
Christian
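
The two PLAIN tokens quoted in the message above, decoded field by field. This is an added example, not part of the original post and not Cyrus SASL code: it follows the RFC 4616 layout `[authzid] NUL authcid NUL passwd`, and the function names are hypothetical.

```python
import base64

def parse_plain(token_b64):
    """Decode a SASL PLAIN response (RFC 4616): [authzid] NUL authcid NUL passwd."""
    raw = base64.b64decode(token_b64, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("expected exactly two NUL separators")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    return {
        "authzid": authzid,  # identity to act as (imtest -u)
        "authcid": authcid,  # identity whose password is checked (imtest -a)
        "passwd": passwd,
        # An empty authzid means "derive it from authcid", so only a
        # non-empty, different authzid is a proxy-authorization request.
        "proxy_request": authzid not in ("", authcid),
    }

def build_plain(authzid, authcid, passwd):
    """Build the base64 token a client sends for the given identities."""
    raw = "\0".join((authzid, authcid, passwd)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def sieve_literal_header(token_b64):
    """Literal prefix as used in the session above: octet count of the token."""
    return "{%d+}" % len(token_b64.encode("ascii"))

if __name__ == "__main__":
    # Tokens copied from the message: the failing one, then the working one.
    for token in ("dGVzdABjeXJ1cwBQYXNzd29yZA==", "dGVzdAB0ZXN0AFBhc3N3b3Jk"):
        info = parse_plain(token)
        kind = "proxy request" if info["proxy_request"] else "same identity"
        print(sieve_literal_header(token),
              "authzid=%s authcid=%s" % (info["authzid"], info["authcid"]), kind)
```

Only the first token asks the server to let one identity (`cyrus`) act as another (`test`), which is the case the server has to authorize separately from checking the password.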