Hi all, I have some difficulties with SASL2 and the use of the DIGEST-MD5 mechanism. To test the SASL2 behaviour I've downloaded the cyrus-sasl-2.1.13 distribution and compiled the sample-server and sample-client.
I'm running a Debian sarge (testing) system with the following SASL packages installed: libsasl2 2.1.2-2 libsasl2-digestmd5-plain 2.1.2-2 libsasl2-modules-plain 2.1.2-2 libsasl7 1.5.27-3.3 sasl2-bin 2.1.2-2 With the sample server and sample client I can test if the SASL negotiation can be successful completed. I've set up a sasldb2 with one user called "durk". defaultsarge:~/cyrus-sasl-2.1.13/sample# sasldblistusers2 [EMAIL PROTECTED]: userPassword I've created a file called /usr/lib/sasl2/sample.conf: defaultsarge:~/cyrus-sasl-2.1.13/sample# cat /usr/lib/sasl2/sample.conf pwcheck_method: auxprop Now if I try to make a SASL negotiation using the CRAM-MD5 mechanism the negotiation completes successful, but if I try DIGEST-MD5, the negotiation fails. Here are the details of the testing: Command used to start the sample server: ./sample-server Command used to start the sample client with CRAM-MD5: ./sample-client -a durk -m CRAM-MD5 Command used to start the sample client with DIGEST-MD5: ./sample-client -a durk -m DIGEST-MD5 The errornous output of the DIGEST-MD5 test is as follows: defaultsarge:~/cyrus-sasl-2.1.13/sample# ./sample-client -a durk -m DIGEST-MD5Waiting for mechanism list from server... S: TE9HSU4gQU5PTllNT1VTIFBMQUlOIENSQU0tTUQ1IERJR0VTVC1NRDU= recieved 41 byte message Forcing use of mechanism DIGEST-MD5 Choosing best mechanism from: DIGEST-MD5 Using mechanism DIGEST-MD5 Sending initial response... C: RElHRVNULU1ENQ== Waiting for server reply... S: bm9uY2U9IlVVRVJURU9PSjdXSmhBYjRWdGYycGRZVjhEaE1oOFpVKzBGWVJqTW9Sem89IixyZWFsbT0iZGVmYXVsdHNhcmdlIixxb3A9ImF1dGgsYXV0aC1pbnQiLGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNzrecieved126 byte message returning OK: durk Password: Sending response... C: dXNlcm5hbWU9ImR1cmsiLHJlYWxtPSJkZWZhdWx0c2FyZ2UiLG5vbmNlPSJVVUVSVEVPT0o3V0poQWI0VnRmMnBkWVY4RGhNaDhaVSswRllSak1vUnpvPSIsY25vbmNlPSJPRkExbCt5YmlFR2I4OEt0UCsrOG9CKzVRMENBZ3M3VU5sNHQwVzhmU3U4PSIsbmM9MDAwMDAwMDEscW9wPWF1dGgtaW50LGNoYXJzZXQ9dXRmLTgsZGlnZXN0LXVyaT0icmNtZC8iLHJlc3BvbnNlPTUyYjVmYjkxYjM5NTVhOGY2M2MzOWVlYjY3ZDc2MTFkWaitingfor server reply... S: cnNwYXV0aD0xYTk0ZTc3ZjlmNjNlNTRmMzQyMmY4YzJlZDc2YzhmZA== recieved 40 byte message lt-sample-client: SASL Error: attempting client step after doneflag lt-sample-client: Performing SASL negotiation: generic failure defaultsarge:~/cyrus-sasl-2.1.13/sample# Well as you see a "generic failure", I have no clue how to fix this... Anyone idea's? Thanks in advance, Durk (this is posted on [EMAIL PROTECTED] and debian-devel@lists.debian.org)
