Not entirely security related, but I find if of interest and will be digging into it a bit further and posting additional info, there seems to be a compatibility issue between Cyrus SASL and gsasl (what FreeBSD uses). If you try running a pidgin(Linux) with the Cyrus SASL, it will produce a generic error "SASL error", the debug information shows that it's not actually a problem with pidgin...
That's really the quick and dirty of it. If you want to use a FreeBSD jabberd2 server and have Linux clients, then said Linux clients must be compiled with the --disable-cyrus-sasl option. Here are the args that I used on my Ubuntu box when compiling pidgin to make it work with my FreeBSD 6.2 test box running jabberd2, I used a similar set to get FC6 to work also by disabling Cyrus SASL:
Arguments to ./configure: '--build=i486-linux-gnu' '--prefix=/usr' '--includedir=/include' '--mandir=/share/man' '--infodir=/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/lib/pidgin' '--disable-maintainer-mode' '--disable-dependency-tracking' '--enable-perl' '--disable-silc' '--with-zephyr=/usr' '--enable-dbus' '--enable-gnutls=no' '--enable-nss=yes' '--disable-cyrus-sasl' '--enable-nm' '--enable-mono' 'build_alias=i486-linux-gnu' 'CC=cc' 'CFLAGS=-g'
should produce the following output (or similar), pay special attention to the bolded SASL section:
pidgin 2.2.1So, evidently the built in SASL stuff that the pidgin team wrote, works with gsasl and Cyrus SASL doesn't, go figure.
Build GTK+ 2.x UI............. : yes
Build console UI.............. : yes
Build for X11................. : yes
Enable Gestures............... : yes
Protocols to build dynamically : bonjour gg irc jabber msn myspace novell oscar qq sametime simple yahoo zephyr
Protocols to link statically.. :
Build with GStreamer support.. : yes
Build with D-Bus support...... : yes
D-Bus services directory...... : /usr/share/dbus-1/services
Build with NetworkManager..... : no
SSL Library/Libraries......... : Mozilla NSS and GnuTLS
Build with Cyrus SASL support. : no
Use kerberos 4 with zephyr.... : no
Use external libzephyr........ : no
Has you....................... : yes
Use XScreenSaver Extension.... : yes
Use X Session Management...... : yes
Use startup notification...... : yes
Build with GtkSpell support... : yes
Build with plugin support..... : yes
Build with Mono support....... : no
Build with Perl support....... : yes
Build with Tcl support........ : yes
Build with Tk support......... : yes
Print debugging messages...... : no
Cheers,
JJC
No comments:
Post a Comment