Alec Kloss wrote:
[dd]
>
> As far as I can tell (and as amazing as this sounds), the order of the
> offered mechanisms from Cyrus sasl is, by default, the reverse of the
> order that the library finds them. This would be, in effect, the
> reverse physical directory order of the modules in
> /usr/[local]/lib/sasl2/ which you can find with ls -U. I've confirmed
> this by making copies and deletes of the .so files in that directory to
> rearrange the ordering. The list is reversed from the order they're
> found in because mechanism list is a linked list and new entries are
> prepened (around server.c:392).
Thank you for having found this out. This is truly amazing. This means
that if perchance I touch a file in /usr/local/lib/sasl2/, my Kerberos
SSO can stop working?
>
> As the link your provided mentions, Cyrus SASL believes it's the client
> that should select the preferred mechanism from the list offered by the
> server, not just the first one.
So we seem to have a stalemate situation. The SASL library believes
the client should select the preferred mechanism, whereas the Subversion
client relies on "the order suggested by the server". Brilliant.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov_at_sibptus.tomsk.ru
Received on 2010-07-27 04:15:24 CEST