Cyrus SASL 1.x Release Notes

New in 1.5.26

  • Interoperability bug in DIGEST-MD5’s layers was fixed.
  • DIGEST-MD5’s DES layer has been disabled until the interoperability can be worked out.

New in 1.5.25

  • The DIGEST-MD5 plugin now includes an implementation of RC4, since it’s a lot easier to get working than interfacing with OpenSSL.
  • A delayed-open plugin mode has been implemented, but not yet documented.

New in 1.5.24

  • be a little paranoid about what we give PAM
  • small bugfixes

New in 1.5.22

  • fixed some DIGEST-MD5 buglets
  • fixed serious bug that a client could avoid the authorization callback
  • added pwcheck method “sia” for Digital Unix
  • now should try libdb-3 before libdb.

New in 1.5.21

  • build process fixes

New in 1.5.20

  • bug fixes
  • LOGIN mechanism has a compatibility tweak

New in 1.5.19

  • Initial srp work
  • Programmers Guide more complete
  • bug fixes (of course)

New in 1.5.18

  • javasasl library in conformance with internet draft
  • man pages for all functions written
  • bug fixes (of course)

New in 1.5.17

  • give application authentication name and realm more uniformly
  • sasldblistusers utility to list users in sasldb
  • memory leaks eliminated; boundary cases tested

New in 1.5.16

  • pwcheck_method now defaults to sasldb. READ UPGRADE INSTRUCTIONS IN README
  • sanity checking inputs throughout the code.
  • Unsupported LOGIN plugin added to the Windows build.
  • calling sasl_checkpass() with pwcheck_method: kerberos_v4 restores the old ticket file before returning.

New in 1.5.15

  • configure now correctly detects Berkeley DB 3.x (Claus Assmann).

New in 1.5.14

  • Upgraded to libtool 1.3.4.
  • External SSF handled more uniformly, and handle min/max SSF requests correctly.
  • Unsupported LOGIN plugin added, by Rainer Schoepf <>. Please don’t enable it unless you know you need it.
  • HP/UX support, contributed by Claus Assmann.

New in 1.5.13

  • Sanity check to make sure there’s at least something in sasldb READ UPGRADE INSTRUCTIONS IN README
  • Fixes to how external layers are handled (some fixes by Alexey Melnikov)
  • Berkeley DB 3.x support contributed by Greg Shapiro
  • Additional pwcheck fixes (Joe Hohertz)
  • Fixed Heimdal krb5 configure checks
  • other random fixes

New in 1.5.12

  • lots of bugfixes
  • DIGEST-MD5 more in conformance with spec
  • support for Berkeley DB
  • support for OpenSSL’s version of RC4

New in 1.5.11

  • bugfix in realm support for DIGEST-MD5

New in 1.5.10

  • DIGEST-MD5 layer support
  • dbconversion utility added

New in 1.5.9

  • Bug fixes
  • More win32 support
  • Realm support in the database (database format changed again, sorry) Other realm support in plugins; need to document it
  • Preliminary code for pwcheck added; not yet tested (and probably not working)
  • config stuff should be less case/whitespace sensitive
  • more error conditions logged

New in 1.5.5

  • Bug fixes
  • sasldb plaintext support (database format changed!!!)
  • Handles multiple realms in DIGEST
  • New Windows compatibility (tested!)

New in 1.5.3

  • Bug fixes
  • Tested GSSAPI & added layers
  • Some changes for Windows compatibility (next release)

New in 1.5.2

  • A few bug fixes
  • Better portability
  • Upgraded libtool

New in 1.5.0

  • Lots of bug fixes
  • A few API changes (watch especially sasl_get_prop() and sasl_set_prop()!)
  • Digest authentication works
  • Configuration file
  • Some more documentation (doc/programming)
  • Code cleanup

New in 1.4.1

  • Tested kerberos4, cram, plain, and anonymous fairly extensively
  • Many bugs fixed
  • Created sample programs
  • Added digest
  • Prototype credential API

New in 1.3b1

  • Added saslpasswd for setting sasl passwords
  • Added sfsasl for people using sfio
  • Lots of bug fixes

New in 1.2b3

  • Slightly better documentation, easier compilation
  • Plain now understands authorization and callbacks

New in 1.2b2

  • Win32 support
  • Fixes to anonymous, kerberos mechs
  • Some signed lengths in the API changed to unsigned

New in 1.2b1

  • Lots of bug fixes
  • Cleaner getopt interface
  • Cleaner plugin callback lookup interface
  • Global inits now take callback list, not just a sasl_getopt_t
  • Preliminary Java support
  • Authentication database hook
  • Default AuthDB routines moved from mechanisms to library
  • Logging hook
  • Default syslog-based logging hook in library
  • Preliminary plaintext transition for CRAM/SCRAM