Date: Fri, 30 Aug 2002 00:30:03 -0700 (PDT) From: Seva Gluschenko <gvs@rinet.ru> To: freebsd-ports@FreeBSD.org Subject: Re: ports/38801: sasl_apop_patch.gz breaks LOGIN mech (SMTP AUTH) Message-ID: <200208300730.g7U7U3Zc074589@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/38801; it has been noted by GNATS. From: Seva Gluschenko <gvs@rinet.ru> To: "Scot W. Hetzel" <hetzels@westbend.net> Cc: FreeBSD-gnats-submit@FreeBSD.ORG, <noc@rinet.ru> Subject: Re: ports/38801: sasl_apop_patch.gz breaks LOGIN mech (SMTP AUTH) Date: Fri, 30 Aug 2002 11:27:03 +0400 (MSD) Hello, Scot, Message of Scot W. Hetzel at Aug 29 22:38 ... SWH> The only problem I had was a mismatch between the servers SWH> 'hostname' and DNS. The problem is that saslpasswd uses SWH> `hostname` found on the system for the default realm. While SWH> sendmail does a DNS lookup to determine the hostname of the mail SWH> server, and then uses it for the SASL realm name. A-ha, got it. That's maybe a real root of problem, 'cause I never tried to reuse another realm. The domain name might be completely different, not just a case variant (that host serves several domains). Pityfully, sendmail provides no information about the realm it asked in its logs, so I didn't recognized the problem myself. Thank you for your point. SWH> I also tested the SASL library without the APOP patch and had the SWH> same problem due to mismatched realms between sendmail and the SWH> sasldb database. SWH> I don't know why you had success with the removal of the APOP SWH> patch, unless someone had changed the case of the DNS entry for SWH> the server, while you were testing. nope, for sure. I'm using cyrus-sasl compiled by hand (not from ports) on several hosts serving many virtual domains and I never had negative experience with that. Right now I have successfully authorized SASL users which use realm taken from 'hostname' while it couldn't be taken from DNS back-resolve at all. SWH> If you could setup a test server, give it another try with the SWH> APOP patch and let us know the results. Not right now, but I'll put it onto pending state. If I have newer information, I'll report. Thank you again. SY, Seva Gluschenko, just stranger on The Road. | http://gvs.rinet.ru/ Cronyx Plus / RiNet network administrator. | GVS-RIPE | GVS3-RIPN To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200208300730.g7U7U3Zc074589>