cyrus-sasl2 denies authentication if host name unresolvable

Bug #888552 reported by Hadmut Danisch
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cyrus-sasl2 (Ubuntu)
New
Medium
Unassigned

Bug Description

This just cost me about >5 hours of debugging. cyrus-sasl2 does not authenticate against a server if the hostname is not dns-resolvable.

After upgrading to oneirc, I wondered, why the mail client mutt could access an imap server on three on my systems, but not on the fourth machine. It did not even try to authenticate after the imap server's greeting message and aborted with
"Error allocating SASL connection" , although the configuration files were identical.

After hours of debugging and analyzing with strace, tcpdump and source code I found that the reason was that the machine where it did not work was not known to my DNS name server. A query to it's (plain) hostname therefore failed. After modifying DNS to give an answer, SASL worked. Before, sasl_client_new() just gave a -1 as a result code.

This is broken by design. I did not even work if the server was at 127.0.0.1, and the machine and the authentication should really work even without DNS resolving.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: libsasl2-2 2.1.24~rc1.dfsg1+cvs2011-05-23-4ubuntu2
ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4
Uname: Linux 3.0.0-12-generic i686
ApportVersion: 1.23-0ubuntu4
Architecture: i386
Date: Thu Nov 10 14:39:23 2011
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release i386 (20111011)
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 LC_MESSAGES=en_US.UTF-8
 SHELL=/bin/tcsh
SourcePackage: cyrus-sasl2
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Hadmut Danisch (hadmut) wrote :
Dave Walker (davewalker)
Changed in cyrus-sasl2 (Ubuntu):
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.