touch-packages team mailing list archive
Message #42081
[Bug 1396568] Re: saslauthd allow authentication after user deletion until it is restarted
By default, saslauthd caches credentials.
The cache and timeout are set by the -c and -t command line options.
You can disable caching by removing the -c from /etc/default/saslauthd,
or adjust the timeout from the default 28800 seconds by adding -t to it.
** Information type changed from Private Security to Public
** Changed in: cyrus-sasl2 (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.
https://bugs.launchpad.net/bugs/1396568
Title:
saslauthd allow authentication after user deletion until it is
restarted
Status in cyrus-sasl2 package in Ubuntu:
Invalid
Bug description:
As per the subject, it is possible to log in to saslauthd with a deleted
user's credentials until the saslauthd daemon is restarted.
This is the output of swaks after the deletion of the user "test":
swaks -a -tls -q AUTH -s localhost -au
Username: test
Password: test
=== Trying localhost:25...
=== Connected to localhost.
<- 220 mail.csc.it ESMTP Exim 4.71 Wed, 26 Nov 2014 12:44:01 +0100
-> EHLO server-name-removed
<- 250-server-name-removed Hello localhost [127.0.0.1]
<- 250-SIZE 52428800
<- 250-PIPELINING
<- 250-STARTTLS
<- 250 HELP
-> STARTTLS
<- 220 TLS go ahead
=== TLS started w/ cipher DHE-RSA-AES256-SHA
~> EHLO server-name-removed
<~ 250-server-name-removed Hello localhost [127.0.0.1]
<~ 250-SIZE 52428800
<~ 250-PIPELINING
<~ 250-AUTH PLAIN LOGIN
<~ 250 HELP
~> AUTH LOGIN
<~ 334 VXNlcm5hbWU6
~> dGVzdA==
<~ 334 UGFzc3dvcmQ6
~> dGVzdA==
<~ 235 Authentication succeeded
~> QUIT
<~ 221 server-name-removed closing connection
=== Connection closed with remote host.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1396568/+subscriptions
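
The reply in this message ties the behaviour to the -c and -t options, so one way to audit a host is to read those flags back out of the configuration and report how long cached credentials can outlive an account. The script below is an added example, not part of the original message or of cyrus-sasl2; the helper name saslauthd_cache_window is hypothetical, the sample OPTIONS lines are constructed, and it assumes the flags are kept in an OPTIONS="..." line as in the Debian/Ubuntu /etc/default/saslauthd.

```shell
#!/bin/sh
# Added example: report the credential-cache window configured for saslauthd.
# Assumes options live in an OPTIONS="..." line (Debian/Ubuntu layout).
DEFAULT_TIMEOUT=28800   # default -t value quoted in the message above

# saslauthd_cache_window FILE  (hypothetical helper name)
# Prints "disabled" if -c is absent, else the cache timeout in seconds.
saslauthd_cache_window() {
    file=$1
    # Take the last uncommented OPTIONS= assignment, as sourcing the file would.
    opts=$(sed -n 's/^[[:space:]]*OPTIONS=//p' "$file" | tail -n 1)
    # Strip one pair of surrounding quotes.
    opts=$(printf '%s\n' "$opts" | sed "s/^[\"']//; s/[\"']\$//")
    cache=no
    timeout=$DEFAULT_TIMEOUT
    set -f; set -- $opts; set +f      # word-split without globbing
    while [ $# -gt 0 ]; do
        case $1 in
            -c)  cache=yes ;;
            -t)  shift; [ $# -gt 0 ] && timeout=$1 ;;
            -t?*) timeout=${1#-t} ;;
            -a|-m|-n|-s|-O) shift ;;  # flags that take a value: skip the value
        esac
        [ $# -gt 0 ] && shift
    done
    if [ "$cache" = yes ]; then echo "$timeout"; else echo disabled; fi
}

# Constructed sample configurations (not taken from the bug report).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'OPTIONS="-c -m /var/run/saslauthd"\n'        > "$tmp/cache_default"
printf 'OPTIONS="-c -t 300 -m /var/run/saslauthd"\n' > "$tmp/cache_short"
printf 'OPTIONS="-m /var/run/saslauthd"\n'           > "$tmp/cache_off"

for f in cache_default cache_short cache_off; do
    w=$(saslauthd_cache_window "$tmp/$f")
    case $w in
        disabled) echo "$f: no cache, every login is checked against the backend" ;;
        *) echo "$f: cached credentials may be accepted for up to $w s" ;;
    esac
done
```

On a real host, point the function at /etc/default/saslauthd and restart saslauthd after changing the flags so the running daemon picks them up.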