Can't authorize as different user in cyradm and sieveshell
mulitskiy at acedsl.com
Mon Nov 21 18:44:19 EST 2016
You nailed it. Mere presence of sasldb plugin makes it work.
The code doesn't look kosher to me though.
In sasl_server_new() there's a line:
serverconn->sparams->canon_user = &_sasl_canon_user_lookup;
which unconditionally set canon_user callback to the function that performs both
canonicalization and auxprop lookup. In case there's no auxprop plugins it
results in SASL_NOMECH.
I guess it should check whether auxprop plugins are available in the system and either
set it to _sasl_canon_user_lookup() or _sasl_canon_user().
Anyway installing sasldb plugin is easy enough workaround.
On Monday, November 21, 2016 04:36:01 PM Dan White wrote:
> In the absence of an [sasl_]auxprop_plugins statement, all plugins will be
> queried. For example, running pluginviewer (or saslpluginviewer on debian)
> should typically list sasldb if it's installed on your system.
> The canon_user plugins and auxprop plugins are coded within the same code,
> and so are tied together somewhat, although I haven't dug into the code to
> explain the error Michael is experiencing.
> I'd suggest installing the sasldb auxprop to see if that clears up the
> issue. That may not even require a configuration change.
> On 11/21/16 13:43 -0800, Andrew Morgan via Info-cyrus wrote:
> >I'm using Debian packages for sasl. Here is what libsasl2-modules
> >But in my imapd.conf, I'm not specifying an auxprop plugins:
> ># grep sasl /etc/imapd.conf
> >sasl_mech_list: PLAIN
> >sasl_minimum_layer: 0
> >#sasl_maximum_layer: 256
> >sasl_pwcheck_method: saslauthd
> >Since we are using saslauthd, we don't use auxprop plugins, I think...
> > Andy
> >On Mon, 21 Nov 2016, Michael Ulitskiy wrote:
> >>I'm trying to read the code and it seems that it tries to lookup authorization id
> >>in auxprop plugin. since I don't have any auxprop plugins that returns SASL_NOMECH and results
> >>in the error I'm seeing.
> >>By any chance do you have any auxprop plugin defined?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Info-cyrus