Package: courier-authlib-mysql
Version: 0.58-4+etch2
The above mentioned security update seems to alter the SQL query used by
the courier auth daemon, making IMAP logins fail with:
Dec 20 19:46:49 pooh authdaemond: received auth request, service=imap,
authtype=login
Dec 20 19:46:49 pooh authdaemond: authmysql: trying this module
Dec 20 19:46:49 pooh authdaemond: authmysqllib: connected. Versions:
header 50032, client 50038, server 50038
Dec 20 19:46:49 pooh authdaemond: SQL query: SELECT id, password, "",
uid, gid, home, 'Maildir', quota, concat(firstname,' ',lastname),
CONCAT("disableimap="
,disableimap,",disablepop3=",disablepop3,",disablewebmail=",disablewebmail,",sharedgroup=",sharedgroup)
FROM users WHERE id = 'pieter@' AND (enabled=1)
Dec 20 19:46:49 pooh authdaemond: zero rows returned
Dec 20 19:46:49 pooh authdaemond: no password available to compare
Dec 20 19:46:49 pooh authdaemond: authmysql: REJECT - try next module
Dec 20 19:46:49 pooh authdaemond: FAIL, all modules rejected
Note the '@' sign in "WHERE id = 'pieter@'". Downgrading to 0.58-4 makes
the '@' disappear and the authentication works again.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
