(For "info-cyrus" users: I reported a problem to "cyrus-sasl" that 
 arises from some obscure getpwnam() call upon an imap login even if
 authentication is exclusively made via SASL->LDAP.  I thought this
 call resulted from SASL, but it apparently does not)


Rob Siemborski wrote on Thu, Dec 20, 2001 at 02:49:58PM -0500:
* On Thu, 20 Dec 2001 [EMAIL PROTECTED] wrote:
* 
* > We searched through the sources and found that the origin of the NIS
* > calls were no functions in the cyrus-imapd but some (we do not know
* > which one) getpwnam()s within the SASL libs.  The getpwnam() is not part
* > of the ldap-mysql-patch from http://www.surf.org.uk/.
* 
* There is only one getpwnam call in cyrus-sasl 1.5.27, and it is in
* checkpw.c, as the "passwd" verifier.  The only way it would be being
* called is if you were using the "passwd" verifier (check the
* pwcheck_method sasl option).


Which was set to "ldap" using the ldap-mysql-patch.  Mmmh.

( *looking again into the sources of cyrus-imap-2.0.16*: )

I think now that the offender is indeed somewhere else.  Within the
cyrus-imap sources is the file "unix_auth.c" which contains a getpwnam()
inside auth_newstate().  This function is called from "imapd.c" inside
acl_ok() and does not seem to care about which authentication scheme
you use.  To me it seems like an attempt to look up a user to verify
his/her access rights.  Why is this necessary?  I thought that cyrus
is a "black box" server that holds all user information (authentication
done already somewhere else) in its "mailboxes.db"?

Side note: this code also exists in cyrus-imapd-2.1.0.


Regards,

- Birger
