On 2012-05-24 at 23:08 +0200, Wolfgang Breyha wrote:
> On 2012-05-24 17:50, Wolfgang Breyha wrote:
> > Wolfgang Breyha wrote, on 24.05.2012 16:11:
> >> I tried to activate RC5 and fail badly with
> >>> May 24 15:58:00 moorhuhn exim[31647]: [1\2] 2012-05-24 15:58:00 sasl_cram_md5 authenticator (CRAM-MD5):
> >>> May 24 15:58:00 moorhuhn exim[31647]: [2/2] Cyrus SASL SSF 141300024 not supported by Exim
>
> I think I found the cause...
> http://bugs.exim.org/show_bug.cgi?id=1254

Fixed, thanks, and sorry.

I use SASL extensively and had expected that if I broke this I'd have
noticed, but had forgotten that since I wrote the heimdal_gssapi auth
driver I didn't have any Cyrus SASL drivers left, and I haven't yet
figured out a decent test for this to go in the test suite.

What happens is that SASL, in some mechanisms, is able to negotiate a
"protection layer". Actually using SASL protection layers is not very
widely supported by most software, because the world moved on and uses
SSL/TLS instead.

I adjusted the Cyrus SASL integration to tell Cyrus about external
protection from TLS and to check afterwards to see if SASL had
negotiated its own protection. If SASL has, Exim declares a failure
because Exim won't do the wrap/unwrap needed.

Wolfgang's fix is correct and has been applied.

-Phil