Alec Kloss wrote: [dd]
> > As far as I can tell (and as amazing as this sounds), the order of the > offered mechanisms from Cyrus sasl is, by default, the reverse of the > order that the library finds them. This would be, in effect, the > reverse physical directory order of the modules in > /usr/[local]/lib/sasl2/ which you can find with ls -U. I've confirmed > this by making copies and deletes of the .so files in that directory to > rearrange the ordering. The list is reversed from the order they're > found in because mechanism list is a linked list and new entries are > prepened (around server.c:392). Thank you for having found this out. This is truly amazing. This means that if perchance I touch a file in /usr/local/lib/sasl2/, my Kerberos SSO can stop working? > > As the link your provided mentions, Cyrus SASL believes it's the client > that should select the preferred mechanism from the list offered by the > server, not just the first one. So we seem to have a stalemate situation. The SASL library believes the client should select the preferred mechanism, whereas the Subversion client relies on "the order suggested by the server". Brilliant. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
