From owner-freebsd-ports Thu Aug 29 20:40:15 2002
Date: Thu, 29 Aug 2002 20:40:08 -0700 (PDT)
Message-Id: <200208300340.g7U3e8bg038725@freefall.freebsd.org>
To: freebsd-ports@FreeBSD.org
From: "Scot W. Hetzel"
Subject: Re: ports/38801: sasl_apop_patch.gz breaks LOGIN mech (SMTP AUTH)

The following reply was made to PR ports/38801; it has been noted by GNATS.

From: "Scot W. Hetzel"
To: "Seva Gluschenko"
Subject: Re: ports/38801: sasl_apop_patch.gz breaks LOGIN mech (SMTP AUTH)
Date: Thu, 29 Aug 2002 22:38:23 -0500

From: "Seva Gluschenko"
> making Cyrus SASL library (used for SMTP AUTH) from ports results
> to non-working LOGIN authentication mechanism. Experiments show this
> situation to be result of sasl_apop_patch application.
> N.B.: It wasn't tested against pwcheck method, only with SaslDB.
> Try every MUA which is capable of LOGIN authentication (e.g. MSOE 5.5
> and higher).
> Sendmail will continuously re-request password, strings
> in maillog will look like
>
> Jun 1 20:37:39 kolokol sm-mta[26436]: g51GbdVS026436: demo.rinet.ru
> [195.54.192.69] did not issue MAIL/EXPN/VRFY/ETRN during connection
> to MTA
>

I looked into this problem further, and still can't get the original
problem to occur with the apop patch (No pwcheck or saslauthd1 daemons
running and Sendmail.conf's pwcheck_method set to sasldb).

The only problem I had was a mismatch between the server's 'hostname' and
DNS. The problem is that saslpasswd uses `hostname` found on the system
for the default realm, while sendmail does a DNS lookup to determine the
hostname of the mail server, and then uses it for the SASL realm name.

On my test system I had 'hostname' and DNS names in different cases:

    hostname   - Test.domain.org
    DNS Lookup - TEST.domain.org

    # sasldblistusers
    user: testuser realm: Test.domain.org mech: PLAIN
    user: testuser realm: Test.domain.org mech: CRAM-MD5
    user: testuser realm: Test.domain.org mech: PLAIN-APOP
    user: testuser realm: Test.domain.org mech: DIGEST-MD5

With the realm set to "Test.domain.org", sendmail would fail to
authenticate the user (OE would ask for username and password
repeatedly), and sendmail would report:

    Aug 29 21:41:36 Test sm-mta[8111]: g7U2faWr008111: wrkstation.domain.org [10.0.0.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

Using saslpasswd's domain option (-u) to first remove and then reenter
the "testuser":

    saslpasswd -d -u Test.domain.org testuser
    saslpasswd -c -u TEST.domain.org testuser

allowed OE to log in (changing DNS would also have worked).

I also tested the SASL library without the APOP patch and had the same
problem due to mismatched realms between sendmail and the sasldb
database.

I don't know why you had success with the removal of the APOP patch,
unless someone had changed the case of the DNS entry for the server
while you were testing.

If you could set up a test server, give it another try with the APOP
patch and let us know the results.

Scot W. Hetzel
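
Added example, not part of the original message and not code from Cyrus SASL, sendmail or the FreeBSD port: a check for the realm mismatch described in the message above. It parses sasldblistusers output in the format quoted there and compares each stored realm with the name the MTA resolves for itself. The function names and the sample listing are constructed for illustration, and the case-sensitive comparison is an assumption taken from the behaviour the message reports.

```python
import re
import shlex
from collections import defaultdict

# Line format as quoted in the message: "user: NAME realm: REALM mech: MECH"
ENTRY = re.compile(r"user:\s*(\S+)\s+realm:\s*(\S+)\s+mech:\s*(\S+)")

# Constructed sample input, modelled on the listing in the message.
SAMPLE = """\
user: testuser realm: Test.domain.org mech: PLAIN
user: testuser realm: Test.domain.org mech: CRAM-MD5
user: otheruser realm: TEST.domain.org mech: PLAIN
user: olduser realm: mail.example.net mech: DIGEST-MD5
"""

def parse_listing(text):
    """Return {(user, realm): [mechs]} from sasldblistusers output."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            user, realm, mech = m.groups()
            entries[(user, realm)].append(mech)
    return dict(entries)

def classify(realm, mta_realm):
    """Compare a stored realm with the realm the MTA will look up."""
    if realm == mta_realm:
        return "match"
    if realm.lower() == mta_realm.lower():
        return "case-mismatch"  # the failure described in the message
    return "different-realm"

def audit(text, mta_realm):
    """Return (findings, fix_commands); fixes cover case-only mismatches."""
    findings, fixes = [], []
    for (user, realm), _mechs in sorted(parse_listing(text).items()):
        status = classify(realm, mta_realm)
        findings.append((user, realm, status))
        if status == "case-mismatch":
            # Same remove / re-create sequence the message used (-d, then -c).
            u, old, new = (shlex.quote(s) for s in (user, realm, mta_realm))
            fixes.append(f"saslpasswd -d -u {old} {u}")
            fixes.append(f"saslpasswd -c -u {new} {u}")
    return findings, fixes

if __name__ == "__main__":
    findings, fixes = audit(SAMPLE, "TEST.domain.org")
    print(*findings, *fixes, sep="\n")
```

The second argument to audit() is the name sendmail obtains from its DNS lookup; the commands are only printed for review, and entries in an unrelated realm are reported but left alone.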