cyrus-sasl2 denies authentication if host name unresolvable

Bug #888552 reported by Hadmut Danisch on 2011-11-10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cyrus-sasl2 (Ubuntu)

Bug Description

This just cost me about >5 hours of debugging. cyrus-sasl2 does not authenticate against a server if the hostname is not dns-resolvable.

After upgrading to oneirc, I wondered, why the mail client mutt could access an imap server on three on my systems, but not on the fourth machine. It did not even try to authenticate after the imap server's greeting message and aborted with
"Error allocating SASL connection" , although the configuration files were identical.

After hours of debugging and analyzing with strace, tcpdump and source code I found that the reason was that the machine where it did not work was not known to my DNS name server. A query to it's (plain) hostname therefore failed. After modifying DNS to give an answer, SASL worked. Before, sasl_client_new() just gave a -1 as a result code.

This is broken by design. I did not even work if the server was at, and the machine and the authentication should really work even without DNS resolving.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: libsasl2-2 2.1.24~rc1.dfsg1+cvs2011-05-23-4ubuntu2
ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4
Uname: Linux 3.0.0-12-generic i686
ApportVersion: 1.23-0ubuntu4
Architecture: i386
Date: Thu Nov 10 14:39:23 2011
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release i386 (20111011)
 PATH=(custom, user)
SourcePackage: cyrus-sasl2
UpgradeStatus: No upgrade log present (probably fresh install)

Hadmut Danisch (hadmut) wrote :
Dave Walker (davewalker) on 2011-11-11
Changed in cyrus-sasl2 (Ubuntu):
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers