cyrus-sasl-2.1.13-ldapauxprop and LOGIN mech

From: Eugene Mogutov (eugene_m at inbox dot ru)
Date: Tue Mar 23 2004 - 05:39:10 EST

  • Next message: Etienne Goyer: "Re: Cyrus-SASL using LDAP"


    We are using patched cyrus-sasl-2.1.13-ldapauxprop by Pascal Gienger.
    The solution is excellent since it allows to store passwords on LDAP
    server and use CRAM-MD5 auth. The only problem is that we failed
    to get LOGIN mechanism working. Sendmail cannot authenticate user and
    the following message is logged:

     AUTH failure (LOGIN): no mechanism available (-4) SASL(-4):
     no mechanism available: checkpass failed

    Sample client/server pair from cyrus-sasl source tree work fine with
    CRAM-MD5 and DIGEST-MD5 but also fail with LOGIN and PLAIN mechs so
    it's probably not sendmail problem.

    The package is running on FreeBSD-current and was built with the following
    set of configure options:

     --enable-static --enable-login --enable-auth-sasldb --with-openssl=/usr
     --with-rc4=openssl --with-saslauthd --with-ldapauxprop --with-ldap

    Application config for sasl looks like that:

    pwcheck_method: ldapauxprop
    ldap_user: cn=manager,dc=zzzz,dc=zz
    ldap_passwd: zzzzzzzz
    ldap_basedn: dc=zzzz,dc=zz
    ldap_filter: uid=%u
    ldap_verbose: yes

    Trying to trace sample server with freebsd truss while client is trying
    authenticate using CRAM-MD5 (successfully) and LOGIN (with "no mechanism
    available" message) shows almost the same syscall sequence, at least
    the request to LDAP server seems to be successful in both cases.

    Can anybody give a hint how to make LOGIN mechanism working with
    'ldapauxprop' variant of cyrus-sasl?


  • Next message: Etienne Goyer: "Re: Cyrus-SASL using LDAP"

    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs

    Powered By FreeBSD   Powered By FreeBSD