You are viewing an old revision of this page.
SASL is Cyrus's Simple Authentication and Security Layer. And like every other Cyrus project I've seen, its a big mystery.
See SASL for information on what its (supposed) to do. See here for notes on its use.
SASL Re-entrance bug
libsasl has an unfortunate bug in that it is non re-entrant. This has the unfortunate effect of casuing segfaults in applications
using libsasl.
I've seen this occur mainly when using libnss-ldap and libpam-ldap coupled with cyrus imapd. The big problem here is that both libldap2
and cyrus imapd's auth module are linked against libsasl - this can cause a chain of events which leads to a double free, which causes the application to die with SIGSEGV (SIG11, segmentation fault)
Solution: recompile libldap2 without cyrus sasl support.
Under Debian:
- apt-get source libldap2 (gets the openldap2 source package)
- edit debian/rules and change --with-cyrus-sasl to read --without-cyrus-sasl, and also remove the --with-spasswd directive (this depends on cyrus-sasl.
- edit debian/changelog and add a new changelog entry, bumping the version number to indicate a new build so that it doesn't get overridden later on.
- run dpkg-buildpackage, and install
Under RedHat: AddToMe
- get the srpm and unpack it (rpm -i <whatever the rpm is called>.srpm
- edit the SPEC file (/usr/src/redhat/SPECS/openldap2.spec or whatever)
- and change --with-cyrus-sasl to read --without-cyrus-sasl, and also remove the --with-spasswd directive (this depends on cyrus-sasl.
- change the version number of the rpm so that it wont be overridden
- run rpm -bb <SPECFILE> to rebuild