Bug#590598: saslauthd - auth via ldap/sasl logs debug messages

Dan White dwhite at olp.net
Wed Jul 28 15:59:04 UTC 2010


On 28/07/10 16:07 +0200, Bastian Blank wrote:
>On Wed, Jul 28, 2010 at 08:24:51AM -0500, Dan White wrote:
>> On 28/07/10 10:28 +0200, Bastian Blank wrote:
>>> No. The tools must not send debug messages without being asked to do
>>> so. Why does libsasl use syslog for interactive usage anyway?
>> It's a design philosophy of how libsasl attempts to perform debugging
>> since, in many cases, it's the only way (via syslog) that it can provide
>> feedback to the user or system administrator.
>
>This is no "feedback", because I didn't ask for it. This is a DoS
>against the system via syslog. If you think this output is important,
>please describe what a normal user can read out of it, especially as
>there is no surrounding information.
>
>> This philosophy is briefly discussed in:
>> http://cyrusimap.web.cmu.edu/imapd/install-configure.html
>
>Where is this documented _in_ the Debian package that the user must
>change the default syslog config?

It is quite tersely documented in upstream within the doc/sysadmin.html,
but there is no mention in the Debian README.

-- 
Dan White




