Bug#590598: saslauthd - auth via ldap/sasl logs debug messages

Dan White dwhite at olp.net
Wed Jul 28 13:24:51 UTC 2010


On 28/07/10 10:28 +0200, Bastian Blank wrote:
>On Wed, Jul 28, 2010 at 12:56:40AM -0500, Dan White wrote:
>> On 27/07/10 21:59 +0200, Bastian Blank wrote:
>> It's because of the 'auth,authpriv.*' line in rsyslogd.conf (it also exists
>> the same way in the sysklogd package).
>
>Yes, this is the correct default.
>
>> The debug statements also happen when bypassing saslauthd:
>> ldapwhoami -H ldap://192.0.2.1 -U jsmith -Y DIGEST-MD5
>> or using imtest.
>
>So libsasl reports debug messages to syslog.

Correct.

>> To drop the messages from syslog, replace that line with:
>> auth,authpriv.info                     /var/log/auth.log
>> or some other lower priority level.
>
>No. The tools must not send debug messages without being asked to do
>so. Why does libsasl use syslog for interactive usage anyway?

It's a design philosophy of how libsasl attempts to perform debugging
since, in many cases, it's the only way (via syslog) that it can provide
feedback to the user or system administrator.

This philosophy is briefly discussed in:

http://cyrusimap.web.cmu.edu/imapd/install-configure.html

-- 
Dan White
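Added example (not part of the original message, and not code from rsyslog, sysklogd or libsasl): a simplified model of traditional syslog selector matching, showing which messages reach /var/log/auth.log under the two selectors discussed in this thread. The sample messages are constructed, and only plain priorities, `=prio`, `*`, `none` and `;`-chained selectors are modelled (`!` negation is not).

```python
# Simplified model of sysklogd/rsyslog "facility.priority" selectors (added example).
# Severity names in order; a lower index means a more severe message.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def allowed_levels(prio):
    """Return the set of severity indexes that a priority spec admits."""
    if prio == "*":
        return set(range(len(SEVERITIES)))
    if prio == "none":
        return set()
    if prio.startswith("="):
        return {SEVERITIES.index(prio[1:])}      # exactly this severity
    # Plain name: this severity and everything more severe.
    return set(range(SEVERITIES.index(prio) + 1))


def selector_matches(selector, facility, severity):
    """True if a message with (facility, severity) is selected by the selector."""
    levels = set()
    for part in selector.split(";"):
        facs, _, prio = part.strip().rpartition(".")
        names = [f.strip() for f in facs.split(",")]
        if facility in names or "*" in names:
            levels = allowed_levels(prio)        # last part naming the facility wins
    return SEVERITIES.index(severity) in levels


# Constructed sample messages: (facility, severity, text).
SAMPLE = [
    ("auth", "debug", "constructed: SASL mechanism debug output"),
    ("authpriv", "info", "constructed: session opened"),
    ("auth", "err", "constructed: authentication failure"),
    ("mail", "debug", "constructed: message from a non-auth facility"),
]


def logged(selector):
    """Texts of the sample messages that the selector would write to its target."""
    return [text for fac, sev, text in SAMPLE if selector_matches(selector, fac, sev)]


if __name__ == "__main__":
    for sel in ("auth,authpriv.*", "auth,authpriv.info"):
        print(sel, "->", logged(sel))
```

With `auth,authpriv.info` the debug-level message is filtered at the syslog daemon, while failures and session events at info or above are still recorded.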





More information about the Pkg-cyrus-sasl2-debian-devel mailing list