Ubuntu
cyrus-sasl2 package

missing httpform plugin for saslauthd

  1. Jammy (22.04)
  2. Bug #1992105
Bug #1992105 reported by Amit
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
cyrus-sasl2 (Ubuntu)
In Progress
Undecided
Lena Voytek
Focal
In Progress
Undecided
Lena Voytek
Jammy
In Progress
Undecided
Lena Voytek
Kinetic
Won't Fix
Undecided
Lena Voytek
Lunar
In Progress
Undecided
Lena Voytek

Bug Description

Hi, we noticed missing httpform plugin for saslauthd. We are migrating from Centos.

== On Centos (Notice the httpform at the end)

/usr/sbin/saslauthd -v
saslauthd 2.1.26
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap httpform

== On Ubuntu jammy
/usr/sbin/saslauthd -v
saslauthd 2.1.27
authentication mechanisms: sasldb getpwent kerberos5 pam rimap shadow ldap

== Potential fix

add the "--enable-httpform" flag to the sasl2-bin package build

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: sasl2-bin 2.1.27+dfsg2-3ubuntu1
ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
Uname: Linux 5.15.0-48-generic aarch64
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: arm64
CasperMD5CheckResult: unknown
Date: Thu Oct 6 14:54:13 2022
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=C.UTF-8
 SHELL=/bin/bash
SourcePackage: cyrus-sasl2
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Amit (amit777) wrote :
Revision history for this message
Lena Voytek (lvoytek) wrote :

Hello,
Thank you for the bug report. I can confirm Ubuntu does not currently support the httpform auth mechanism. I reproduced this with the following in both 22.04 and 22.10:

# lxc launch images:ubuntu/jammy test-saslauthd
# lxc exec test-saslauthd bash

# apt update && apt dist-upgrade -y
# apt install sasl2-bin
# saslauthd -v

It seems that it would be relatively easy to add this to Ubuntu if needed. Is there anything specific you require this authentication mechanism for instead of the other available ones?

Changed in cyrus-sasl2 (Ubuntu Jammy):
status: New → Confirmed
Changed in cyrus-sasl2 (Ubuntu Kinetic):
status: New → Confirmed
Revision history for this message
Amit (amit777) wrote :

Hi, thanks for the quick response!

Yes, this is critical for us because we configure postfix to do SMTP authentication using an HTTP endpoint on our backend (rather than using lookup tables etc). The other available auth mechanisms do not allow for authentication using an HTTP web service.

Revision history for this message
Lena Voytek (lvoytek) wrote :

Thanks for the info, that is a good justification for adding httpform to Ubuntu. I'll get started on it.

Changed in cyrus-sasl2 (Ubuntu Jammy):
status: Confirmed → In Progress
Changed in cyrus-sasl2 (Ubuntu Kinetic):
status: Confirmed → In Progress
Changed in cyrus-sasl2 (Ubuntu Jammy):
assignee: nobody → Lena Voytek (lvoytek)
Changed in cyrus-sasl2 (Ubuntu Kinetic):
assignee: nobody → Lena Voytek (lvoytek)
Revision history for this message
Amit (amit777) wrote :

Please let me know if I can help test anything out!

Revision history for this message
Lena Voytek (lvoytek) wrote :

Thanks for the help! I've created a ppa that enables httpform and confirmed that it showed up when running saslauthd -v. It's located here: https://launchpad.net/~lvoytek/+archive/ubuntu/cyrus-sasl2-saslauthd-add-httpform

If you'd like to install and test, you can run:

sudo add-apt-repository ppa:lvoytek/cyrus-sasl2-saslauthd-add-httpform
sudo apt update
sudo apt upgrade

Revision history for this message
Amit (amit777) wrote :

This works great, thanks!

I did notice that the package version is 2.1.27 while the latest version is 2.1.28. It's not material to us, but I just thought I'd mention it in case the build process needs to change for that separately.

Revision history for this message
Amit (amit777) wrote :

Hi Lena, Does this ppa include packages for ARM64? The update/upgrade steps didn't seem to pull down any packages on my local VM running on Mac M1 chip.

Revision history for this message
Lena Voytek (lvoytek) wrote :

Hi Amit,

Ubuntu 22.04 is currently sticking with version 2.1.27 + security and feature updates to maintain consistency and stability. Ubuntu 22.10, which is fully releasing soon, uses 2.1.28 though. The package will be actively maintained in 22.04 until 2027 but may not experience many version bumps.

Ah I haven't activated ARM64 on the ppa, I'll do that now.
Thanks!

Revision history for this message
Amit (amit777) wrote :

Hi Lena, Would it be possible for this to also be enabled on Ubuntu 20.04 (Focal)? We have some servers that need to run on 20.04 because of some unrelated software compatibility issues.

Revision history for this message
Lena Voytek (lvoytek) wrote :

Sure, I'll add that in and update the ppa for you. Currently we're waiting on the new development release cycle (23.04) to get started to add it there, then I can officially backport it to kinetic, jammy, and focal.

Changed in cyrus-sasl2 (Ubuntu Focal):
status: New → In Progress
assignee: nobody → Lena Voytek (lvoytek)
Revision history for this message
Amit (amit777) wrote :

Thank you!

Revision history for this message
Utkarsh Gupta (utkarsh) wrote :

Ubuntu 22.10 (Kinetic Kudu) has reached end of life, so this bug will not be fixed for that specific release.

Changed in cyrus-sasl2 (Ubuntu Kinetic):
status: In Progress → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.