libsasl2-modules-sql without crypt support on debian etch

Roberto C. Sanchez roberto at connexer.com
Sun Mar 4 22:01:32 CET 2007 

On Sun, Mar 04, 2007 at 12:28:11PM +0100, Christian Schramm wrote:
> Hi!
> 
> I'm having a cyrusIMAP / Postfix configuration that is working very well 
> on a debian etch system.
> The authentification is working with auxprop and mysql.
> 
> But I have a little problem that i'd like to get solved:
> The package libsasl2-modules-sql doesn't have crypt support. So 
> sasl_password_format isn't a known option.
> For that reason I have to work with plaintext passwords which is not the 
> most secure solution.
> 
> For other distributions there is already a patched version available 
> (e.g. you can install it on gentoo machines with USE="crypt" emerge 
> cyrus-sasl). But I prefer having a debian based system and i've already 
> set it up.
> 
> So, will this feature be implemented in future versions of this package? 
> Is there a deb-package available that contains this patch?
> 
Short answer:

No, this will not be considered.

Long answer:

Long, long ago, in a galaxy far, far away, a bug [0] was filed.  The
submitter was even kind enough to include a patch to add crypt()
support.  The bug languished in obscurity for a long time.  Last
October, when we began an earnest push to clean up the mess which was
the Debian cyru-sasl2 package, this bug was examined.  Henrique de
Moraes Holschuh said the following:

  We should not accept that patch *ever* in any other format than a
  "optional, *disabled by default* thing you should enable only if you
  know what you are doing".  And I would not include it even in that
  form.  

  It breaks auxprop plugins, which is a fundamental way of how Cyrus
  SASL works.  It requires disabling globally some auth methods [that
  require the cleartext password to generate challenges] when the
  feature is enabled too, if the patch doesn't do this, please reject it
  without futher consideration.

That pretty much settled it.

If you *really* want it yourself, you are welcome to patch and build the
package yourself.  I have a HOWTO on this:

http://people.connexer.com/~roberto/howtos/debcustomize

Regards,

-Roberto

[0] http://bugs.debian.org/207523

-- 
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-cyrus-sasl2-debian-devel/attachments/20070304/0fc69da9/attachment.pgp

More information about the Pkg-cyrus-sasl2-debian-devel mailing list