Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 19 Apr 2004 04:03:34 -0700 (PDT)
From:      Marko <marko@oblo.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/65759: cyrus-sasl2 from version 2.1.17 drops realms from usernames
Message-ID:  <200404191103.i3JB3YeH062774@www.freebsd.org>
Resent-Message-ID: <200404191110.i3JBAG1e011568@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         65759
>Category:       ports
>Synopsis:       cyrus-sasl2 from version 2.1.17 drops realms from usernames
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 19 04:10:15 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Marko
>Release:        4.8
>Organization:
Oblo
>Environment:
FreeBSD op-fi1.oblo.com 4.8-RELEASE FreeBSD 4.8-RELEASE #0: Wed Jun  4 03:17:05 CEST 2003     root@op_fi1:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
    From version 2.1.17 of cyrus-sasl2, realms are dropped from usernames. This means that when authenticating against an SQL with usernames in the format "user@example.com", SMTP-AUTH will never authenticate because saslauthd will only pass it the "user" part without "@example.com".

A good discussion on this subject:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&c2coff=1&safe=off&threadm=c4pfnm%242s4b%241%40FreeBSD.csie.NCTU.edu.tw&rnum=1&prev=/groups%3Fq%3Dsaslauthd%2Brealm%2B2.1.18%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26c2coff%3D1%26safe%3Doff%26selm%3Dc4pfnm%25242s4b%25241%2540FreeBSD.csie.NCTU.edu.tw%26rnum%3D
>How-To-Repeat:
    Using cyrus-sasl2 v 2.1.17 and later try authenticating against SMTP-AUTH using a "user@example.com" username format, and watch the SQL logs for what is being passed.
>Fix:
    Possible options:
- Don't allow cyrus-sasl2 v 2.1.17 or 2.1.18 to be installed?
- Put --with-authdaemond option as available to the port so that a workaround can be quickly installed?
- Get some more blurb into the compile process so that admin is aware of the changes as opposed to blindly nuking his install (and this was not a fun thing to debug!)

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200404191103.i3JB3YeH062774>