SASL2 negotiation fails with DIGEST-MD5 mech, but succeeds with CRAM-MD5


Subject: SASL2 negotiation fails with DIGEST-MD5 mech, but succeeds with CRAM-MD5
From: Durk Strooisma (durk at kern dot nl)
Date: Wed Apr 16 2003 - 09:40:16 EDT


Hi all,

I have some difficulties with SASL2 and the use of the DIGEST-MD5 mechanism.
To test the SASL2 behaviour I've downloaded the cyrus-sasl-2.1.13
distribution and compiled the sample-server and sample-client.

I'm running a Debian sarge (testing) system with the following SASL packages
installed:

libsasl2 2.1.2-2
libsasl2-digestmd5-plain 2.1.2-2
libsasl2-modules-plain 2.1.2-2
libsasl7 1.5.27-3.3
sasl2-bin 2.1.2-2

With the sample server and sample client I can test if the SASL negotiation
can be successfully completed. I've set up a sasldb2 with one user called
"durk".

defaultsarge:~/cyrus-sasl-2.1.13/sample# sasldblistusers2
durk@defaultsarge: userPassword

I've created a file called /usr/lib/sasl2/sample.conf:

defaultsarge:~/cyrus-sasl-2.1.13/sample# cat /usr/lib/sasl2/sample.conf
pwcheck_method: auxprop

Now if I try to make a SASL negotiation using the CRAM-MD5 mechanism,
the negotiation completes successfully, but if I try DIGEST-MD5, the
negotiation fails. Here are the details of the testing:

Command used to start the sample server: ./sample-server
Command used to start the sample client with CRAM-MD5: ./sample-client -a durk -m CRAM-MD5
Command used to start the sample client with DIGEST-MD5: ./sample-client -a durk -m DIGEST-MD5

The erroneous output of the DIGEST-MD5 test is as follows:

defaultsarge:~/cyrus-sasl-2.1.13/sample# ./sample-client -a durk -m DIGEST-MD5
Waiting for mechanism list from server...
S: TE9HSU4gQU5PTllNT1VTIFBMQUlOIENSQU0tTUQ1IERJR0VTVC1NRDU=
recieved 41 byte message
Forcing use of mechanism DIGEST-MD5
Choosing best mechanism from: DIGEST-MD5
Using mechanism DIGEST-MD5
Sending initial response...
C: RElHRVNULU1ENQ==
Waiting for server reply...
S: bm9uY2U9IlVVRVJURU9PSjdXSmhBYjRWdGYycGRZVjhEaE1oOFpVKzBGWVJqTW9Sem89IixyZWFsbT0iZGVmYXVsdHNhcmdlIixxb3A9ImF1dGgsYXV0aC1pbnQiLGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNz
recieved 126 byte message
returning OK: durk
Password:
Sending response...
C: dXNlcm5hbWU9ImR1cmsiLHJlYWxtPSJkZWZhdWx0c2FyZ2UiLG5vbmNlPSJVVUVSVEVPT0o3V0poQWI0VnRmMnBkWVY4RGhNaDhaVSswRllSak1vUnpvPSIsY25vbmNlPSJPRkExbCt5YmlFR2I4OEt0UCsrOG9CKzVRMENBZ3M3VU5sNHQwVzhmU3U4PSIsbmM9MDAwMDAwMDEscW9wPWF1dGgtaW50LGNoYXJzZXQ9dXRmLTgsZGlnZXN0LXVyaT0icmNtZC8iLHJlc3BvbnNlPTUyYjVmYjkxYjM5NTVhOGY2M2MzOWVlYjY3ZDc2MTFk
Waiting for server reply...
S: cnNwYXV0aD0xYTk0ZTc3ZjlmNjNlNTRmMzQyMmY4YzJlZDc2YzhmZA==
recieved 40 byte message
lt-sample-client: SASL Error: attempting client step after doneflag
lt-sample-client: Performing SASL negotiation: generic failure
defaultsarge:~/cyrus-sasl-2.1.13/sample#

Well, as you see, a "generic failure". I have no clue how to fix this...

Any ideas, anyone?

Thanks in advance,

Durk

(this is posted on cyrus-sasl at lists dot andrew dot cmu dot edu and
debian-devel at lists dot debian dot org)
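
An added example, not part of the original post and not cyrus-sasl code: a short Python script that decodes the three DIGEST-MD5 messages from the transcript above and parses their RFC 2831 directive lists. It shows that the last server message, the one received just before the error, is the `rspauth` step that DIGEST-MD5 has and CRAM-MD5 does not; the function names are illustrative.

```python
import base64
import re

# The three DIGEST-MD5 messages, copied from the transcript in the post above.
TRANSCRIPT = [
    ("S", "bm9uY2U9IlVVRVJURU9PSjdXSmhBYjRWdGYycGRZVjhEaE1oOFpVKzBGWVJqTW9Sem89IixyZWFsbT0iZGVmYXVsdHNhcmdlIixxb3A9ImF1dGgsYXV0aC1pbnQiLGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNz"),
    ("C", "dXNlcm5hbWU9ImR1cmsiLHJlYWxtPSJkZWZhdWx0c2FyZ2UiLG5vbmNlPSJVVUVSVEVPT0o3V0poQWI0VnRmMnBkWVY4RGhNaDhaVSswRllSak1vUnpvPSIsY25vbmNlPSJPRkExbCt5YmlFR2I4OEt0UCsrOG9CKzVRMENBZ3M3VU5sNHQwVzhmU3U4PSIsbmM9MDAwMDAwMDEscW9wPWF1dGgtaW50LGNoYXJzZXQ9dXRmLTgsZGlnZXN0LXVyaT0icmNtZC8iLHJlc3BvbnNlPTUyYjVmYjkxYjM5NTVhOGY2M2MzOWVlYjY3ZDc2MTFk"),
    ("S", "cnNwYXV0aD0xYTk0ZTc3ZjlmNjNlNTRmMzQyMmY4YzJlZDc2YzhmZA=="),
]

# name=value pairs separated by commas; a quoted value may itself contain commas.
_DIRECTIVE = re.compile(
    r'\s*([A-Za-z0-9-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^,]*))\s*(?:,|$)')


def parse_directives(text):
    """Parse an RFC 2831 directive list into a dict (last occurrence wins)."""
    fields, pos = {}, 0
    while pos < len(text):
        m = _DIRECTIVE.match(text, pos)
        if m is None:
            raise ValueError(f"malformed directive at offset {pos}")
        name, quoted, bare = m.groups()
        # Quoted values use backslash escapes; bare tokens are taken as-is.
        value = re.sub(r'\\(.)', r'\1', quoted) if quoted is not None else bare.strip()
        fields[name.lower()] = value
        pos = m.end()
    return fields


def decode_exchange(transcript):
    """Return (sender, step_kind, fields) for each base64 message."""
    steps = []
    for sender, b64 in transcript:
        fields = parse_directives(base64.b64decode(b64).decode("utf-8"))
        if "rspauth" in fields:
            kind = "response-auth"      # step three, RFC 2831 section 2.1.3
        elif "response" in fields:
            kind = "digest-response"    # step two, section 2.1.2
        else:
            kind = "digest-challenge"   # step one, section 2.1.1
        steps.append((sender, kind, fields))
    return steps


if __name__ == "__main__":
    for sender, kind, fields in decode_exchange(TRANSCRIPT):
        print(f"{sender}: {kind}")
        for name, value in fields.items():
            print(f"    {name} = {value}")
```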






