Hi there,
I tracked the issue down into the source code of imapd. Actually, its
SASL or something even further downstream, which hangs. sasl_checkpass()
in cmd_login() simply does not return (put syslogs immediately before
and after) in case the correct password is supplied and I connected to
imapd using imaps.
changed the if around line 1917 in imapd.c
syslog(LOG_NOTICE, "attempting SASL pwd for %s with %s", canon_user,
passwd);
r =
sasl_checkpass(imapd_saslconn,canon_user,strlen(canon_user),passwd,strlen(passwd));
syslog(LOG_NOTICE, "SASL returned %d for %d", r, SASL_OK);
interestingly the first syslog is exactly the same, no matter if I do
telnet mail imap or openssl s_client -connect mail:imaps,
but in the first case it returns well, in the latter it does only
return, if the password is wrong. Otherwise, it hangs in running state
eating lots of CPU time (99%).
SASL uses the ldapdb backend to retrieve the password using ldaps. Is
there anything prohibiting two simultaneous SSL connections for a single
process? Can somebody with deeper SASL understanding give me some hint?
Regards,
- lars.
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
