Re: Channel binding being attempted even when SCRAM PLUS not advertized
From: Manvendra Bhangui
Subject: Re: Channel binding being attempted even when SCRAM PLUS not advertized
Date: Mon, 15 Aug 2022 23:52:14 +0530
On Mon, 15 Aug 2022 at 23:36, Simon Josefsson <simon@josefsson.org> wrote:
>
> Manvendra Bhangui <mbhangui@gmail.com> writes:
>
> > I have recently added SCRAM-SHA-1, SCRAM-SHA-1-PLUS, SCRAM-SHA-256 and
> > SCRAM-SHA-256-PLUS, to my smtp daemon, using gsasl.
>
> Thank you! Is indimail packaged for some distribution?
>
It is packaged officially for any distribution, but my users mostly
install it from openSUSE build service for most Linux distributions or
use the docker images from GitHub.
> It should only ever become 'y' if the callback returned non-NULL channel
> binding data, which it should not do when non-PLUS is used.
>
> Try the --no-cb argument to 'gsasl', does it help?
>
Yes, this works. Thank you.
...
>
> Maybe what you found is an unexpected behaviour in the 'gsasl' tool --
> the callback shouldn't set CB's when non-PLUS is selected. It doesn't
> have the logic to do that, but you should be able to fake it with
> --no-cb. The idea was that the tool should be as dumb as possible, to
> allow you to use --no-cb to manually chose here. But perhaps the
> default for non-PLUS
>
OK, I tried that and it works. Using --no-cb works for me as I am
primarily using gsasl for testing. It is very useful and I doubt if
there is anything else available to test the SCRAM auth methods.
--
Regards Manvendra - http://www.indimail.org
GPG Pub Key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC7CBC760014D250C
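
The gs2-cbind-flag discussed in this thread, seen from the server side, as an added example (not gsasl or indimail code): following RFC 5802, a `y` flag is acceptable when the server offered no -PLUS mechanism and indicates a downgrade when it did. The function and enum names are hypothetical and the sample message is constructed.

```c
/* Added example; not gsasl or indimail code. Names are hypothetical. */
#include <stdio.h>
#include <string.h>

enum cb_result { CB_OK, CB_MALFORMED, CB_MISMATCH, CB_DOWNGRADE };

/* 1 if the mechanism name ends in "-PLUS". */
static int is_plus(const char *mech)
{
    size_t n = strlen(mech);
    return n >= 5 && strcmp(mech + n - 5, "-PLUS") == 0;
}

/* Check the gs2-cbind-flag at the start of a SCRAM client-first-message
 * against the mechanism the client selected. plus_advertised is nonzero
 * if the server offered any -PLUS mechanism on this connection. */
enum cb_result scram_check_cbind(const char *client_first,
                                 const char *selected, int plus_advertised)
{
    const char *comma = strchr(client_first, ',');
    size_t len;
    char flag;

    if (comma == NULL || comma == client_first)
        return CB_MALFORMED;
    len = (size_t)(comma - client_first);
    flag = client_first[0];
    if (flag == 'n' || flag == 'y') {
        if (len != 1) return CB_MALFORMED;
    } else if (flag == 'p') {
        if (len < 3 || client_first[1] != '=') return CB_MALFORMED; /* "p=" cb-name */
    } else {
        return CB_MALFORMED;
    }
    if (is_plus(selected))               /* -PLUS requires "p=..." */
        return flag == 'p' ? CB_OK : CB_MISMATCH;
    if (flag == 'p')
        return CB_MISMATCH;
    if (flag == 'y' && plus_advertised)  /* client believed no -PLUS was offered */
        return CB_DOWNGRADE;
    return CB_OK;
}

int main(void)
{
    const char *msg = "y,,n=user,r=constructednonce"; /* constructed sample */
    printf("no PLUS offered: %d\n", scram_check_cbind(msg, "SCRAM-SHA-256", 0));
    printf("PLUS offered:    %d\n", scram_check_cbind(msg, "SCRAM-SHA-256", 1));
    return 0;
}
```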