Suggestion for docs

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

Suggestion for docs

Peter Ajamian
The SASL_README doc has a section about doing a telnet test of a PLAIN
SASL authentication.  There are some methods suggested for generating
the base64 hash required to do the authentication,  Of those two methods
one requires downloading a special utility to generate the auth string
and the other requires installing a perl module.  I have a third suggestion:

echo -ne '\000username\000password' | openssl base64

This method is relatively easy to do, and will work with the programs
that are already readily available on most systems.  I think it would be
good to add it to the docs.


Regards,


Peter Ajamian
Reply | Threaded
Open this post in threaded view
|

Re: Suggestion for docs

Wietse Venema
Peter:

> The SASL_README doc has a section about doing a telnet test of a PLAIN
> SASL authentication.  There are some methods suggested for generating
> the base64 hash required to do the authentication,  Of those two methods
> one requires downloading a special utility to generate the auth string
> and the other requires installing a perl module.  I have a third suggestion:
>
> echo -ne '\000username\000password' | openssl base64
>
> This method is relatively easy to do, and will work with the programs
> that are already readily available on most systems.  I think it would be
> good to add it to the docs.

This does not work for me. If you make a suggestion, be sure
to indicate what platform and shell this applies to.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Suggestion for docs

Sahil Tandon-3
On Tue, 2011-06-21 at 18:45:47 -0400, Wietse Venema wrote:

> Peter:
> > The SASL_README doc has a section about doing a telnet test of a PLAIN
> > SASL authentication.  There are some methods suggested for generating
> > the base64 hash required to do the authentication,  Of those two methods
> > one requires downloading a special utility to generate the auth string
> > and the other requires installing a perl module.  I have a third suggestion:
> >
> > echo -ne '\000username\000password' | openssl base64
> >
> > This method is relatively easy to do, and will work with the programs
> > that are already readily available on most systems.  I think it would be
> > good to add it to the docs.
>
> This does not work for me. If you make a suggestion, be sure
> to indicate what platform and shell this applies to.

Appears to work in bash and zsh; not in (t)csh.  I quickly tested on
FreeBSD and Darwin.  Likely related to handling of null byte/char.

--
Sahil Tandon <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Suggestion for docs

Noel Jones-2
On 6/21/2011 6:06 PM, Sahil Tandon wrote:

> On Tue, 2011-06-21 at 18:45:47 -0400, Wietse Venema wrote:
>
>> Peter:
>>> The SASL_README doc has a section about doing a telnet test of a PLAIN
>>> SASL authentication.  There are some methods suggested for generating
>>> the base64 hash required to do the authentication,  Of those two methods
>>> one requires downloading a special utility to generate the auth string
>>> and the other requires installing a perl module.  I have a third suggestion:
>>>
>>> echo -ne '\000username\000password' | openssl base64
>>>
>>> This method is relatively easy to do, and will work with the programs
>>> that are already readily available on most systems.  I think it would be
>>> good to add it to the docs.
>>
>> This does not work for me. If you make a suggestion, be sure
>> to indicate what platform and shell this applies to.
>
> Appears to work in bash and zsh; not in (t)csh.  I quickly tested on
> FreeBSD and Darwin.  Likely related to handling of null byte/char.
>

Yes, sh (not bash) & csh ignore the \000.

Probably more portable using printf rather than echo, but I
don't have anything other than fBSD to try it on.

printf '\000user\000pass' | openssl base64



   -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: Suggestion for docs

Wietse Venema
In reply to this post by Sahil Tandon-3
Sahil Tandon:

> On Tue, 2011-06-21 at 18:45:47 -0400, Wietse Venema wrote:
>
> > Peter:
> > > The SASL_README doc has a section about doing a telnet test of a PLAIN
> > > SASL authentication.  There are some methods suggested for generating
> > > the base64 hash required to do the authentication,  Of those two methods
> > > one requires downloading a special utility to generate the auth string
> > > and the other requires installing a perl module.  I have a third suggestion:
> > >
> > > echo -ne '\000username\000password' | openssl base64
> > >
> > > This method is relatively easy to do, and will work with the programs
> > > that are already readily available on most systems.  I think it would be
> > > good to add it to the docs.
> >
> > This does not work for me. If you make a suggestion, be sure
> > to indicate what platform and shell this applies to.
>
> Appears to work in bash and zsh; not in (t)csh.  I quickly tested on
> FreeBSD and Darwin.  Likely related to handling of null byte/char.

I'm away from home, so I can't quickly fire up a ksh box. It certainly
does not work with FreeBSD8 /bin/sh.

In Postfix documentation, I try to avoid examples that are limited
to one shell family, or examples that require mode text to describe
where it doe/not work than the example itself.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Suggestion for docs

Rich Wales
In reply to this post by Noel Jones-2
> printf '\000user\000pass' | openssl base64

This appears to work OK in tcsh and sh on Linux (Ubuntu Maverick).
It also works if I write "\0" instead of "\000".

Rich Wales
[hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Suggestion for docs

Rob Foehl
On Tue, 21 Jun 2011, Rich Wales wrote:

>> printf '\000user\000pass' | openssl base64
>
> This appears to work OK in tcsh and sh on Linux (Ubuntu Maverick).
> It also works if I write "\0" instead of "\000".

Careful, that won't do the right thing if either string starts with a
valid octal digit.  Either use the full '\000', or be even more explicit:

printf '\0%s\0%s' 'user' 'pass' | openssl base64

-Rob
Reply | Threaded
Open this post in threaded view
|

Re: Suggestion for docs

Gerard E. Seibert
In reply to this post by Wietse Venema
On Tue, 21 Jun 2011 19:20:52 -0400 (EDT)
Wietse Venema articulated:

> Sahil Tandon:
> > On Tue, 2011-06-21 at 18:45:47 -0400, Wietse Venema wrote:
> >
> > > Peter:
> > > > The SASL_README doc has a section about doing a telnet test of
> > > > a PLAIN SASL authentication.  There are some methods suggested
> > > > for generating the base64 hash required to do the
> > > > authentication,  Of those two methods one requires downloading
> > > > a special utility to generate the auth string and the other
> > > > requires installing a perl module.  I have a third suggestion:
> > > >
> > > > echo -ne '\000username\000password' | openssl base64
> > > >
> > > > This method is relatively easy to do, and will work with the
> > > > programs that are already readily available on most systems.  I
> > > > think it would be good to add it to the docs.
> > >
> > > This does not work for me. If you make a suggestion, be sure
> > > to indicate what platform and shell this applies to.
> >
> > Appears to work in bash and zsh; not in (t)csh.  I quickly tested on
> > FreeBSD and Darwin.  Likely related to handling of null byte/char.
>
> I'm away from home, so I can't quickly fire up a ksh box. It certainly
> does not work with FreeBSD8 /bin/sh.
>
> In Postfix documentation, I try to avoid examples that are limited
> to one shell family, or examples that require mode text to describe
> where it doe/not work than the example itself.

Using FreeBSD-8.2 with GNU bash, version 4.1.10(1)-release
(amd64-portbld-freebsd8.2) as the default shell.

echo -ne '\000username\000password' | openssl base64
AHVzZXJuYW1lAHBhc3N3b3Jk

--
Jerry ✌
[hidden email]
_____________________________________________________________________
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Reply | Threaded
Open this post in threaded view
|

Re: Suggestion for docs

Wietse Venema
Jerry:

> On Tue, 21 Jun 2011 19:20:52 -0400 (EDT)
> Wietse Venema articulated:
>
> > Sahil Tandon:
> > > On Tue, 2011-06-21 at 18:45:47 -0400, Wietse Venema wrote:
> > >
> > > > Peter:
> > > > > The SASL_README doc has a section about doing a telnet test of
> > > > > a PLAIN SASL authentication.  There are some methods suggested
> > > > > for generating the base64 hash required to do the
> > > > > authentication,  Of those two methods one requires downloading
> > > > > a special utility to generate the auth string and the other
> > > > > requires installing a perl module.  I have a third suggestion:
> > > > >
> > > > > echo -ne '\000username\000password' | openssl base64
> > > > >
> > > > > This method is relatively easy to do, and will work with the
> > > > > programs that are already readily available on most systems.  I
> > > > > think it would be good to add it to the docs.
> > > >
> > > > This does not work for me. If you make a suggestion, be sure
> > > > to indicate what platform and shell this applies to.
> > >
> > > Appears to work in bash and zsh; not in (t)csh.  I quickly tested on
> > > FreeBSD and Darwin.  Likely related to handling of null byte/char.
> >
> > I'm away from home, so I can't quickly fire up a ksh box. It certainly
> > does not work with FreeBSD8 /bin/sh.
> >
> > In Postfix documentation, I try to avoid examples that are limited
> > to one shell family, or examples that require mode text to describe
> > where it doe/not work than the example itself.
>
> Using FreeBSD-8.2 with GNU bash, version 4.1.10(1)-release
> (amd64-portbld-freebsd8.2) as the default shell.
>
> echo -ne '\000username\000password' | openssl base64
> AHVzZXJuYW1lAHBhc3N3b3Jk

This does not work with FreeBSD 8.2 /bin/sh. Of course, one can
replace /bin/sh by bash, but that does not make it the default
FreeBSD shell.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Suggestion for docs

Uwe Dippel
In reply to this post by Peter Ajamian
On 06/22/2011 08:07 AM, Wietse Venema wrote:
>>>
>>> I'm away from home, so I can't quickly fire up a ksh box. It certainly
>>> does not work with FreeBSD8 /bin/sh.

Since I always have one:

works perfectly well in ksh

Uwe
Reply | Threaded
Open this post in threaded view
|

Re: Suggestion for docs

Sahil Tandon-3
In reply to this post by Wietse Venema
On Tue, 2011-06-21 at 19:20:52 -0400, Wietse Venema wrote:

> Sahil Tandon:
> > Appears to work in bash and zsh; not in (t)csh.  I quickly tested on
> > FreeBSD and Darwin.  Likely related to handling of null byte/char.
>
> I'm away from home, so I can't quickly fire up a ksh box. It certainly
> does not work with FreeBSD8 /bin/sh.

Yep, the echo(1) one-liner fails but the printf(1) that Noel suggested
succeeds.

--
Sahil Tandon <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Suggestion for docs

Gerard E. Seibert
In reply to this post by Wietse Venema
On Tue, 21 Jun 2011 20:07:02 -0400 (EDT)
Wietse Venema articulated:

> > Using FreeBSD-8.2 with GNU bash, version 4.1.10(1)-release
> > (amd64-portbld-freebsd8.2) as the default shell.
> >
> > echo -ne '\000username\000password' | openssl base64
> > AHVzZXJuYW1lAHBhc3N3b3Jk
>
> This does not work with FreeBSD 8.2 /bin/sh. Of course, one can
> replace /bin/sh by bash, but that does not make it the default
> FreeBSD shell.
>
> Wietse

You are absolutely correct Wietse. I was simply pointing out that the
problem lies with the default shell used in FreeBSD and not FreeBSD
itself. I might add that, that is one more reason that I never
use /bin/sh anywhere if possible. IMHO, Bash is just far superior.

--
Jerry ✌
[hidden email]
_____________________________________________________________________
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Reply | Threaded
Open this post in threaded view
|

Re: Suggestion for docs

Wietse Venema
Jerry:

> On Tue, 21 Jun 2011 20:07:02 -0400 (EDT)
> Wietse Venema articulated:
>
> > > Using FreeBSD-8.2 with GNU bash, version 4.1.10(1)-release
> > > (amd64-portbld-freebsd8.2) as the default shell.
> > >
> > > echo -ne '\000username\000password' | openssl base64
> > > AHVzZXJuYW1lAHBhc3N3b3Jk
> >
> > This does not work with FreeBSD 8.2 /bin/sh. Of course, one can
> > replace /bin/sh by bash, but that does not make it the default
> > FreeBSD shell.
>
> You are absolutely correct Wietse. I was simply pointing out that the
> problem lies with the default shell used in FreeBSD and not FreeBSD
> itself. I might add that, that is one more reason that I never
> use /bin/sh anywhere if possible. IMHO, Bash is just far superior.

There is no problem with the FreeBSD shell. The problem is with
the newbies who believe all the world is LINUX.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Suggestion for docs

Wietse Venema
In reply to this post by Peter Ajamian
Wietse Venema:
> Peter:
> > The downside to this is if there's any % characters in the username or
> > password it will come out wrong.  I recommend instead:
> >
> > $ printf '\0%s\0%s' 'username' 'password' | openssl base64
> > AHVzZXJuYW1lAHBhc3N3b3Jk
>
> That is a good point. In particular % will appear in some passwords.

I have added a BASH example to the SASL_README, and updated the
printf examples. It should show up on the mirrors in the next
24 hours.

        Wietse