Bug 8389

Summary: Enable "alwaystrue" in cyrus-sasl
Product: Mageia
Reporter: Romain MARIADASSOU <roms2000>
Component: RPM Packages
Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED
QA Contact:
Severity: enhancement
Priority: Normal
CC: guillomovitch, luigiwalser, oe, thierry.vignaud
Version: Cauldron
Keywords: Junior_job
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: cyrus-sasl
CVE:
Status comment:

Description Romain MARIADASSOU 2012-12-14 21:13:54 CET
Description of problem:
Enable option "--enable-alwaystrue" in cyrus-sasl package.

This option makes it possible to bypass auth and enable login with any password using saslauthd with Cyrus imapd.
For example, it makes it possible to configure SOGo + OpenChange to use Cyrus as the IMAP backend.

This option has been enabled in Debian since 2002 (see: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=170495)

Thank you for your understanding.

How reproducible:
Always

Steps to correct the problem:
- Edit cyrus-sasl.spec and change the "configure" line to:
%configure      --enable-static --enable-shared \
                --with-plugindir=%{_libdir}/sasl2 \
                --with-configdir=%{_sysconfdir}/sasl2:%{_libdir}/sasl2 \
                --disable-krb4 \
                --enable-login \
                --enable-alwaystrue \
- Rebuild the package

Manuel Hiebel 2012-12-25 14:14:32 CET

Keywords: (none) => Junior_job
CC: (none) => guillomovitch, luigiwalser, thierry.vignaud

David Walser 2012-12-25 14:44:57 CET

CC: (none) => oe

Comment 1 Guillaume Rousse 2012-12-26 13:49:14 CET
I just submitted cyrus-sasl-2.1.25-8.mga3 with the requested change.

Comment 2 David Walser 2012-12-26 14:51:09 CET
Fixed by Guillaume.

Status: NEW => RESOLVED
Resolution: (none) => FIXED
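
Added example, not part of the original report or of the cyrus-sasl or Mageia code: a shell check for hosts that carry a build with this flag, separating "alwaystrue is compiled into saslauthd" from "alwaystrue is the selected mechanism". The mechanism list, the `MECH` variable name and the config path are assumptions, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: audit saslauthd for the "alwaystrue" mechanism.
# Prints one of: absent | compiled-in | active

# $1 = text printed by `saslauthd -v`, which lists the mechanisms built in.
alwaystrue_compiled() {
    printf '%s\n' "$1" |
        sed -n 's/^authentication mechanisms://p' |
        tr ' ' '\n' | grep -qx 'alwaystrue'
}

# $1 = contents of the daemon's startup config. Comments and quotes are
# stripped, then alwaystrue is looked for as a `-a` argument or as the
# whole value of a VAR= assignment.
alwaystrue_selected() {
    printf '%s\n' "$1" | sed 's/#.*//' | tr -d "\"'" |
        grep -Eq '(-a[[:space:]]*|^[[:space:]]*[A-Za-z_]+=)alwaystrue([[:space:]]|$)'
}

classify_alwaystrue() {
    if ! alwaystrue_compiled "$1"; then
        echo absent
    elif alwaystrue_selected "$2"; then
        echo active        # any password is accepted
    else
        echo compiled-in   # available, but another mechanism is in use
    fi
}

# Constructed sample inputs (mechanism list and MECH name are assumptions).
SAMPLE_VERSION='saslauthd 2.1.25
authentication mechanisms: alwaystrue getpwent pam shadow'
SAMPLE_CONF='# MECH=pam
MECH=alwaystrue'

classify_alwaystrue "$SAMPLE_VERSION" "$SAMPLE_CONF"

# On a real host (the config path is distro-specific, assumed here):
#   classify_alwaystrue "$(saslauthd -v 2>&1)" "$(cat /etc/sysconfig/saslauthd)"
```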