#sasl — Public Fediverse posts

@CGM I never heard of #SASL! I have always been a huge #Wirth fan. Did tons of real-life work in #Pascal, moved through #Modula2 up to, finally, #Oberon2. Had such fond memories of it that I tried to use it last year for #AdventOfCode and learned that it was not nearly as good as I remembered. Have you tried #Racket (a kind of #Scheme)? It’s not for me but it’s interesting. Used it in a job interview once. Your description of how flow control is defined in #TCL really reminds me of Racket. I’m learning #RustLang and having the kind of #Macros you get in #Lisp and Scheme is another reason Rust is so enjoyable.

@CGM I never heard of #SASL! I have always been a huge #Wirth fan. Did tons of real-life work in #Pascal, moved through #Modula2 up to, finally, #Oberon2. Had such fond memories of it that I tried to use it last year for #AdventOfCode and learned that it was not nearly as good as I remembered. Have you tried #Racket (a kind of #Scheme)? It’s not for me but it’s interesting. Used it in a job interview once. Your description of how flow control is defined in #TCL really reminds me of Racket. I’m learning #RustLang and having the kind of #Macros you get in #Lisp and Scheme is another reason Rust is so enjoyable.

@CGM I never heard of #SASL! I have always been a huge #Wirth fan. Did tons of real-life work in #Pascal, moved through #Modula2 up to, finally, #Oberon2. Had such fond memories of it that I tried to use it last year for #AdventOfCode and learned that it was not nearly as good as I remembered. Have you tried #Racket (a kind of #Scheme)? It’s not for me but it’s interesting. Used it in a job interview once. Your description of how flow control is defined in #TCL really reminds me of Racket. I’m learning #RustLang and having the kind of #Macros you get in #Lisp and Scheme is another reason Rust is so enjoyable.

@CGM I never heard of #SASL! I have always been a huge #Wirth fan. Did tons of real-life work in #Pascal, moved through #Modula2 up to, finally, #Oberon2. Had such fond memories of it that I tried to use it last year for #AdventOfCode and learned that it was not nearly as good as I remembered. Have you tried #Racket (a kind of #Scheme)? It’s not for me but it’s interesting. Used it in a job interview once. Your description of how flow control is defined in #TCL really reminds me of Racket. I’m learning #RustLang and having the kind of #Macros you get in #Lisp and Scheme is another reason Rust is so enjoyable.

@CGM I never heard of #SASL! I have always been a huge #Wirth fan. Did tons of real-life work in #Pascal, moved through #Modula2 up to, finally, #Oberon2. Had such fond memories of it that I tried to use it last year for #AdventOfCode and learned that it was not nearly as good as I remembered. Have you tried #Racket (a kind of #Scheme)? It’s not for me but it’s interesting. Used it in a job interview once. Your description of how flow control is defined in #TCL really reminds me of Racket. I’m learning #RustLang and having the kind of #Macros you get in #Lisp and Scheme is another reason Rust is so enjoyable.

#chatgpt to the rescue 🙈
jetzt läuft #dovecot wieder

aber das teil wollte mir permanent "die komplette konfiguration" andrehen 🙄
don't do that!
vieles von dem zeugs dass es im chat vorgeschlagen hat hat nicht oder nur teilweise funktioniert

hatte auch probleme mit der #sasl authentifizierung für #smtp - da hat das teil nur brunz rausgelasen
ich hab dann (weil ich ja btrfs snapshots habe) einfach die alte config kopiert

ich brauch die dingers eigentlich nie für komplette lösungen, da muss man anschliessend zu viel korrigieren
aber für tipps wo der fehler liegen könnte sind sie echt genial und hat mir schon stunden klassische suche erspart

#CyrusIMAP 3.8.6 (oldold) has been released (#CyrusIMAPd / #Cyrus / #IMAPd / #MailServer / #MessageDeliveryAgent / #IMAP / #InternetMessageAccessProtocol / #POP3 / #PostOfficeProtocol / #JMAP / #JSONMetaApplicationProtocol / #SASL / #CyrusSASL / #CarnegieMellonUniversity / #Fastmail) https://cyrusimap.org/

#CyrusIMAP 3.10.2 (old) has been released (#CyrusIMAPd / #Cyrus / #IMAPd / #MailServer / #MessageDeliveryAgent / #IMAP / #InternetMessageAccessProtocol / #POP3 / #PostOfficeProtocol / #JMAP / #JSONMetaApplicationProtocol / #SASL / #CyrusSASL / #CarnegieMellonUniversity / #Fastmail) https://cyrusimap.org/

#CyrusIMAP 3.12.1 has been released (#CyrusIMAPd / #Cyrus / #IMAPd / #MailServer / #MessageDeliveryAgent / #IMAP / #InternetMessageAccessProtocol / #POP3 / #PostOfficeProtocol / #JMAP / #JSONMetaApplicationProtocol / #SASL / #CyrusSASL / #CarnegieMellonUniversity / #Fastmail) https://cyrusimap.org/

Анатомия безопасности XMPP

Решал я таски на Root-Me и попалась таска XMPP - authentication . Основная цель таски состояла в том, чтобы по захвату пакетов вытащить пароль, который использовался при аунтефикации и я начал искать документацию к тому, как работает аунтефикация клиента.

https://habr.com/ru/articles/920912/

#xmpp #sasl #аунтефикация #scram #информационная_безопасность #криптография #ctf #rootme

#CyrusIMAP 3.12.0 has been released (#CyrusIMAPd / #Cyrus / #IMAPd / #MailServer / #MessageDeliveryAgent / #IMAP / #InternetMessageAccessProtocol / #POP3 / #PostOfficeProtocol / #JMAP / #JSONMetaApplicationProtocol / #SASL / #CyrusSASL / #CarnegieMellonUniversity / #Fastmail) https://cyrusimap.org/

[Перевод] Ох уж эти скрытные ботнеты

Вот очередной день, когда ботнеты пытаются взломать мой скромный почтовый сервер брутфорсом для рассылки спама. Такое случается волнами, но волны эти возникают постоянно и являются частью жизни системного администратора (естественно, они терпят неудачу ;). IP-адреса, с которых происходят попытки использовать мой сервер для отправки спама IP-адреса, с которых совершаются попытки подобрать имя пользователя/пароль для авторизации на моём почтовом сервере и рассылки спама

https://habr.com/ru/companies/ruvds/articles/903450/

#ruvds_перевод #спам #брутфорс #smtp #sasl #infatica #ботнеты #разработка_приложений

#CyrusIMAP 3.12.0 RC1 has been released (#CyrusIMAPd / #Cyrus / #IMAPd / #MailServer / #MessageDeliveryAgent / #IMAP / #InternetMessageAccessProtocol / #POP3 / #PostOfficeProtocol / #JMAP / #JSONMetaApplicationProtocol / #SASL / #CyrusSASL / #CarnegieMellonUniversity / #Fastmail) https://cyrusimap.org/

#GSASL 2.2.2 has been released (#GNU / #SASL / #GNUSASL / #libgsasl / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA1PLUS / #SCRAMSHA256 / #SCRAMSHA256PLUS / #RFC5929 / #RFC9266) https://gnu.org/software/gsasl/

Greetings Programs! We're back at it working towards @pidgin 3.0 Experimental 2!

We're going to continue with some library work tonight, working on our #sqlite3 helper library and if there's time getting back to our #sasl library!

Come on by!!

https://twitch.tv/rw_grim
https://youtube.com/@rw_grim

#Pidgin #OpenSource #OpenSourceLive #C #GTK #Chat #Messaging

Disturbing (data-dependent) bug in password handling by #Exim hit the exim-users list today. Hopefully the dev team have a handle on fixing it, but it really makes me glad for Postfix's arms-length relationship with #SASL. Just the idea that an authn system would (accidentally) have a mechanism for the subject to create a logical list separator for the MTA by crafting a password is crazymaking.

#Infosec

I run my own mail server, and its constantly bombarded with “SASL spam”: failed SASL login attempts. Hundreds a day. So I wrote a little Perl script to look for them in the logs, and ban their IP ranges. Maybe this will be helpful for you too?
https://github.com/starlilyth/banSASLSpam

https://starlilyth.net/2024/08/02/sasl-spam-ban-script/

#Email #Perl #postfix #SASL #Spam

Опыт разработки сервиса отправки сообщений в Apache Kafka с использованием SASL/Kerberos и Avro Schema Registry

По техзаданию необходимо было создать сервис, который в зависимости от топика, отправлял бы сообщения или на один инстанс Kafka (строку, с простой авторизацией с помощью SSL), или на другой, но уже с сериализацией и авторизацией через Kerberos.

https://habr.com/ru/articles/819289/

#kafka #springboot #kerberos #sasl

Развертывание защищенного dev кластера bitnami/kafka в k8s с помощью helm

Всем привет. На этот раз хотел бы поделиться материалом, связанным непосредственно с devops работой. Недавно возникла потребность раскатить kafka кластер в kubernetes. В ходе развертывания возникло очень много сложностей, встречено множество подводных камней, и, естественно, в большинстве случаев рецепта в интернете найдено не было, поэтому приходилось искать решения самостоятельно методом проб и ошибок. Все, что здесь будет описано это сугубо личный опыт на одном из проектов. Сегодня я расскажу как с нуля раскатить dev контур bitnami/kafka кластера с помощью helm чартов, как обезопасить ваш кластер kafka и какие сложности могут вам встретиться.

https://habr.com/ru/articles/803969/

#kubernetes #helm #k8s #kafka #bitnami #ssl #tls #security #sasl #authentication

#GSASL 2.2.1 has been released (#GNU / #SASL / #GNUSASL / #libgsasl / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA1PLUS / #SCRAMSHA256 / #SCRAMSHA256PLUS / #RFC5929 / #RFC9266) https://gnu.org/software/gsasl/

Assume your passwords (#Mutt, #SMTP)
https://grimoire.d12s.fr/2023/mutt_smtp_assume_your_passwords.html

Voici comment j’ai (encore) perdu une après midi…

J’ai besoin d’envoyer mes courriel via leurs serveurs SMTP respectifs, vu qu’un gros hébergeur d’adresses email refuse désormais les messages non authentifiés (#SPF, #DMarc).

Avec mutt on peut obtenir ce résultat en précisant quel serveur utiliser dans la configuration ~/.muttrc […]

Mais gare aux / et aux $ dans les mots de passe…

#grimcom
#SASL authentication failed

South African Sign Language (SASL) has been approved to become the country's 12th official language.

The Constitutional Eighteenth Amendment Bill was passed by the National Assembly, making room for this amazing development. After being sent to the National Council of Provinces and the president for approval, SASL will be recognized under the Constitution and National Official Languages Act. This has been a long process, but it's finally happening ✌🏻

https://businesstech.co.za/news/government/684639/south-africa-is-getting-a-new-official-language/ #signlanguage #SouthAfrica #SASL

"XMSS provides strong security guarantees and is even secure when the collision resistance of the underlying hash function is broken ... Unlike most other signature systems, hash-based signatures can so far withstand known attacks using quantum computers. The SASL XMSS project's goal is to implement the XMSS system as a SASL mechanism in one of the publicly available open source SASL libraries."

https://nlnet.nl/project/SASL-XMSS/

#XMSS #SASL

"XMSS provides strong security guarantees and is even secure when the collision resistance of the underlying hash function is broken ... Unlike most other signature systems, hash-based signatures can so far withstand known attacks using quantum computers. The SASL XMSS project's goal is to implement the XMSS system as a SASL mechanism in one of the publicly available open source SASL libraries."

https://nlnet.nl/project/SASL-XMSS/

#XMSS #SASL

haha, funny bot tries to auth on #postfix with #sasl...
it started with x.x.x.115 , always increased by 1 and is now on x.x.x.119...
all blocked by #fail2ban 😂

I now have #znc connecting with #sasl to #freenode and #oftc. Now to sort out authenticatimg #erc and #revolutionirc to znc with certs.

@Kensan I use #sendmail with #SASL and for stronger auth I use my own #Kerberos

Why not simply using #SASL for #EPP instead of reinventing the wheel with our own login framework? (Disclaimer: I never managed to understand SASL.) #IETF102