diff options
| author | Philip Hazel <ph10@hermes.cam.ac.uk> | 2005-04-05 14:33:27 +0000 |
|---|---|---|
| committer | Philip Hazel <ph10@hermes.cam.ac.uk> | 2005-04-05 14:33:27 +0000 |
| commit | c5ddb310a1f89a0560eea67879921570b046b179 (patch) | |
| tree | e319f691df272b5afab5f41c4af08af3b94dff3e /doc | |
| parent | acb1b3461349256ee2422aa39b6f2d810681ae47 (diff) | |
Patch to fix Cyrus-SASL unavailable mechanisms problem.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/doc-txt/ChangeLog | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 8a7274491..d5c658131 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.109 2005/04/05 14:02:30 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.110 2005/04/05 14:33:27 ph10 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -125,6 +125,31 @@ PH/22 Added support for macro redefinition, and (re)definition in between PH/23 The cyrus_sasl authenticator was expanding server_hostname, but then forgetting to use the resulting value; it was using the unexpanded value. +PH/24 The cyrus_sasl authenticator was advertising mechanisms for which it + hadn't been configured. The fix is from Juergen Kreileder, who + understands it better than I do: + + "Here's what I see happening with three configured cyrus_sasl + authenticators configured (plain, login, cram-md5): + + On startup auth_cyrus_sasl_init() gets called for each of these. + This means three calls to sasl_listmech() without a specified mech_list. + => SASL tests which mechs of all available mechs actually work + => three warnings about OTP not working + => the returned list contains: plain, login, cram-md5, digest-md5, ... + + With the patch, sasl_listmech() also gets called three times. But now + SASL's mech_list option is set to the server_mech specified in the the + authenticator. Or in other words, the answer from sasl_listmech() + gets limited to just the mech you're testing for (which is different + for each call.) + => the return list contains just 'plain' or 'login', 'cram-md5' or + nothing depending on the value of ob->server_mech. + + I've just tested the patch: Authentication still works fine, + unavailable mechs specified in the exim configuration are still + caught, and the auth.log warnings about OTP are gone." + A note about Exim versions 4.44 and 4.50 ---------------------------------------- |