Selcuk Yazar:
> Thank you Koko for warning , hopelessly i try to my chance :(
>
> but i found this after ,i sent email
>
> "...From a cursory inspection of lib/pwcheck.c, saslauthd does not get
> passed
> any client IP information and cannot log it or forward it to pam..."
Postfix currently sends no IP address to the Cyrus SASL library.
Long ago, libsasl did not use this information, and the Postfix
side code has not been updated.
You can try this patch and see if it fixes the problem (or if it
causes new ones).
Wietse
--- src/xsasl/xsasl_cyrus_server.c- 2015-03-30 20:09:23.000000000 -0400
+++ src/xsasl/xsasl_cyrus_server.c 2015-12-02 09:00:35.000000000 -0500
@@ -259,8 +259,6 @@
XSASL_SERVER_CREATE_ARGS *args)
{
const char *myname = "xsasl_cyrus_server_create";
- char *server_address;
- char *client_address;
sasl_conn_t *sasl_conn = 0;
XSASL_CYRUS_SERVER *server = 0;
int sasl_status;
@@ -291,27 +289,10 @@
#define NO_SESSION_CALLBACKS ((sasl_callback_t *) 0)
#define NO_AUTH_REALM ((char *) 0)
-#if SASL_VERSION_MAJOR >= 2 && defined(USE_SASL_IP_AUTH)
-
- /*
- * Get IP addresses of local and remote endpoints for SASL.
- */
-#error "USE_SASL_IP_AUTH is not implemented"
-
-#else
-
- /*
- * Don't give any IP address information to SASL. SASLv1 doesn't use it,
- * and in SASLv2 this will disable any mechanisms that do.
- */
- server_address = 0;
- client_address = 0;
-#endif
-
if ((sasl_status =
SASL_SERVER_NEW(args->service, var_myhostname,
args->user_realm ? args->user_realm : NO_AUTH_REALM,
- server_address, client_address,
+ args->server_addr, args->client_addr,
NO_SESSION_CALLBACKS, NO_SECURITY_LAYERS,
&sasl_conn)) != SASL_OK) {
msg_warn("SASL per-connection server initialization: %s",
