Re: Channel binding being attempted even when SCRAM PLUS not advertized

From: Manvendra Bhangui
Subject: Re: Channel binding being attempted even when SCRAM PLUS not advertized
Date: Mon, 15 Aug 2022 23:52:14 +0530

On Mon, 15 Aug 2022 at 23:36, Simon Josefsson wrote:
> Manvendra Bhangui writes:
> > I have recently added SCRAM-SHA-1, SCRAM-SHA-1-PLUS, SCRAM-SHA-256 and
> > SCRAM-SHA-256-PLUS, to my smtp daemon, using gsasl.
> Thank you!  Is indimail packaged for some distribution?
It is packaged officially for any distribution, but my users mostly
install it from openSUSE build service for most linux distributions or
use the docker images from github.

> It should only ever become 'y' if the callback returned non-NULL channel
> binding data, which it should not do when non-PLUS is used.
> Try the --no-cb argument to 'gsasl', does it help?

Yes, this works. Thank you.

> Maybe what you found is an unexpected behaviour in the 'gsasl' tool --
> the callback shouldn't set CB's when non-PLUS is selected.  It doesn't
> have the logic to do that, but you should be able to fake it with
> --no-cb.  The idea was that the tool should be as dumb as possible, to
> allow you to use --no-cb to manually choose here.  But perhaps the
> default for non-PLUS

OK, I tried that and it works. Using --no-cb works for me as I am
primarily using gsasl for testing. It is very useful and I doubt if
there is anything else available to test the SCRAM auth methods.
Regards Manvendra
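
The 'y' flag discussed in this thread matters on the server side too: under RFC 5802 section 6, a server that supports channel binding must fail authentication when the client sends 'y'. The following is an added example, not code from gsasl or indimail, of a server-side check of that flag; the function, enum and parameter names are hypothetical, and rejecting a flag that disagrees with the selected mechanism is this example's reading of the RFC.

```c
#include <stdio.h>
#include <string.h>

/* Verdicts for the GS2 channel-binding flag that opens a SCRAM client-first-message. */
enum cb_verdict { CB_NONE, CB_REQUIRED, CB_DOWNGRADE, CB_MISMATCH, CB_SYNTAX };

/* msg: client-first-message; mech_is_plus: client selected a -PLUS mechanism;
 * server_offers_plus: server supports channel binding and listed a -PLUS mechanism.
 * (All names here are illustrative assumptions.) */
enum cb_verdict check_gs2_cbind(const char *msg, int mech_is_plus, int server_offers_plus)
{
    if (msg == NULL || msg[0] == '\0')
        return CB_SYNTAX;
    switch (msg[0]) {
    case 'n':                       /* client has no channel binding support */
        if (msg[1] != ',') return CB_SYNTAX;
        return mech_is_plus ? CB_MISMATCH : CB_NONE;
    case 'y':                       /* client supports CB, believes server does not */
        if (msg[1] != ',') return CB_SYNTAX;
        if (mech_is_plus) return CB_MISMATCH;
        /* Server did offer -PLUS: the list the client saw was probably stripped. */
        return server_offers_plus ? CB_DOWNGRADE : CB_NONE;
    case 'p': {                     /* "p=<cb-name>,": client requires channel binding */
        const char *comma;
        if (msg[1] != '=') return CB_SYNTAX;
        comma = strchr(msg + 2, ',');
        if (comma == NULL || comma == msg + 2) return CB_SYNTAX;
        /* CB_REQUIRED: the c= attribute of client-final must still be verified. */
        return mech_is_plus ? CB_REQUIRED : CB_MISMATCH;
    }
    default:
        return CB_SYNTAX;
    }
}

int main(void)
{
    /* Constructed sample messages, not captured traffic. */
    const char *with_cb = "y,,n=user,r=clientnonce";   /* CB data supplied, non-PLUS */
    const char *no_cb = "n,,n=user,r=clientnonce";     /* no CB data supplied */
    printf("y, PLUS offered:     %d\n", check_gs2_cbind(with_cb, 0, 1));
    printf("y, PLUS not offered: %d\n", check_gs2_cbind(with_cb, 0, 0));
    printf("n, PLUS offered:     %d\n", check_gs2_cbind(no_cb, 0, 1));
    return 0;
}
```

The check does not validate the channel binding type named after `p=`; a server would also reject types it does not implement.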
