New in 2.1.22
-------------
* Added support for spliting big data blocks (bigger than maxbuf)
into multiple SASL packets in sasl_encodev
* Various sasl_decode64() fixes
* Increase canonicalization buffer size to 1024 bytes
* Call do_authorization() after successful APOP authentication
* Allow for configuration file location to be configurable independently
of plugin location (bug # 2795)
* Added sasl_set_path function, which provides a more convenient way
of setting plugin and config paths. Changed the default
sasl_getpath_t/sasl_getconfpath_t callbacks to calculate
the value only once and cache it for later use.
* Fixed load_config to search for the config file in all directories
(bug # 2796). Changed the default search path to be
/usr/lib/sasl2:/etc/sasl2
* Don't ignore log_level configuration option in default UNIX syslog
logging callback
* (Windows) Minor IPv6 related changes in Makefiles for Visual Studio 6
* (Windows) Fixed bug of not setting the CODEGEN (code generation option)
nmake option if STATIC nmake option is set.
* Several fixed to DIGEST-MD5 plugin:
- Enable RC4 cipher in Windows build of DIGEST-MD5
- Server side: handle missing realm option as if realm="" was sent
- Fix DIGEST-MD5 to properly advertise maxssf when both DES and RC4
are disabled
- Check that DIGEST-MD5 SASL packet are no shorter than 16 bytes
* Several changes/fixed to SASLDB plugin:
- Prevent spurious SASL_NOUSER errors
- Added ability to keep BerkleyDB handle open between operations
(for performance reason). New behavior can be enabled
with --enable-keep-db-open.
* Better error checking in SQL (MySQL) auxprop plugin code
* Added support for HTTP POST password validation in saslauthd
* Added new application ("pluginviewer") that helps report information
about installed plugins
* Allow for building with OpenSSL 0.9.8
* Allow for building with OpenLDAP 2.3+
* Several quoting fixes to configure script
* A large number of other minor bugfixes and cleanups
include:
* saslauthd/lak.c: leak fix from Igor Brezac
* saslauthd/krbtf.c: updated from CMUCS
* saslauthd/auth_krb5.c: log the krb5 error return if get_creds fails
* saslauthd/auth_krb5.c, saslauthd/auth_krb4.c,
saslauthd/krbtf.h (added), saslauthd/krbtf.c (added),
saslauthd/cfile.h (added), saslauthd/cfile.c (added),
saslauthd/Makefile.am: Kerberos V4/V5 alternate keytab
in saslauthd, plus common code merging (from David Eckhardt
via Dale Moore)
* saslauthd/auth_krb5.c: verify against the service we
were passed. needs to be made configurable.
include:
* Fixes to saslauthd to allow better integration with realms (-r flag to
saslauthd, %R token in LDAP module)
* A nontrivial number of small bugfixes.
saslauthd is a daemon process that handles plaintext authentication
requests on behalf of the Cyrus SASL library. It may be compiled to
support authentication using getpwent, PAM, or an LDAP database.
