
SASL is Cyrus's Simple Authentication and Security Layer. And like every other Cyrus project I've seen, it's a big mystery.

See SASL for information on what it's (supposed) to do. See here for notes on its use.

SASL Re-entrance bug

libsasl has an unfortunate bug: it is not re-entrant. This causes segfaults in applications using libsasl.

I've seen this occur mainly when using libnss-ldap and libpam-ldap coupled with cyrus imapd. The big problem here is that both libldap2 and cyrus imapd's auth module are linked against libsasl - this can cause a chain of events which leads to a double free, which causes the application to die with SIGSEGV (SIG11, segmentation fault).

Solution: recompile libldap2 without cyrus sasl support.

Under Debian:

  • apt-get source libldap2 (gets the openldap2 source package)
  • edit debian/rules and change --with-cyrus-sasl to read --without-cyrus-sasl, and also remove the --with-spasswd directive (this depends on cyrus-sasl)
  • edit debian/changelog and add a new changelog entry, bumping the version number to indicate a new build so that it doesn't get overridden later on.
  • run dpkg-buildpackage, and install

Under RedHat: AddToMe

  • get the srpm and unpack it (rpm -i <whatever the rpm is called>.srpm)
  • edit the SPEC file (/usr/src/redhat/SPECS/openldap2.spec or whatever) and change --with-cyrus-sasl to read --without-cyrus-sasl, and also remove the --with-spasswd directive (this depends on cyrus-sasl)
  • change the version number of the rpm so that it won't be overridden
  • run rpm -bb <SPECFILE> to rebuild
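
The configure-flag edit that both the Debian and RedHat steps call for can be scripted and checked. This is an added example, not part of the original page or of either distribution's packaging. The function name `disable_sasl_flags`, the sample build file, and the handling of a `--with-cyrus-sasl=<value>` form are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: apply the flag edit from the steps above to a build file
# (debian/rules or the RPM spec) and confirm that it took effect.

# disable_sasl_flags FILE  (hypothetical helper name)
#   returns 0 = edited and verified
#           1 = --with-cyrus-sasl not found, file left untouched
#           2 = missing file or failed edit
disable_sasl_flags() {
    f=$1
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 2; }
    if ! grep -q -e '--with-cyrus-sasl' "$f"; then
        echo "$f: --with-cyrus-sasl not present, leaving file untouched" >&2
        return 1
    fi
    # Keep the pristine copy next to the edited file for later diffing.
    cp -p "$f" "$f.orig" || return 2
    # 1) --with-cyrus-sasl[=value] becomes --without-cyrus-sasl
    # 2) --with-spasswd[=value] is dropped, since it depends on cyrus-sasl
    sed -e 's/--with-cyrus-sasl\(=[^[:space:]]*\)\{0,1\}/--without-cyrus-sasl/g' \
        -e 's/[[:space:]]*--with-spasswd\(=[^[:space:]]*\)\{0,1\}//g' \
        "$f.orig" > "$f" || return 2
    # Fail loudly if either flag survived the edit.
    if grep -q -e '--with-cyrus-sasl' -e '--with-spasswd' "$f"; then
        echo "$f: SASL flags still present after edit" >&2
        return 2
    fi
    grep -q -e '--without-cyrus-sasl' "$f"
}

# Demo on a constructed build-file fragment (not the real debian/rules).
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' \
        'configure:' \
        '    ./configure --prefix=/usr \' \
        '        --with-cyrus-sasl --with-spasswd \' \
        '        --with-tls' > "$d/rules"
    disable_sasl_flags "$d/rules"; rc=$?
    cat "$d/rules"
    rm -rf "$d"
    return $rc
}
demo
```

A return code of 1 on a second run means the file was already patched, which makes the helper safe to call again after a later `apt-get source` or srpm unpack.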