Josh Kelley wrote:
> SASL authentication appears to be operating incorrectly on my install
> of FDS. We do not use SASL; our passwords are stored in FDS using
> CRYPT-MD5, SMD5, and SSHA256, depending on when and how the account's
> password was last changed. As I understand it, SASL authentication
> using DIGEST-MD5 and CRAM-MD5 only works if passwords are stored in
> cleartext in FDS. Is this correct?

Yes.

>
> The problem is that our OS X clients, when configured for LDAP
> authentication, try a SASL bind (CRAM-MD5) first then fall back to a
> simple bind if that fails. When OS X checks a login against an
> OpenLDAP server, the server returns resultCode 80 (other), error
> message "SASL(-13): user not found: no secret in database", and so the
> client falls back to a simple bind. However, when OS X tries a SASL
> bind against FDS, the server returns resultCode 49
> (invalidCredentials), error message "SASL(-13): authentication
> failure: incorrect digest response", and so the client assumes that
> the login failed.
>
> Is this a bug in FDS? Or did I misconfigure something? Is there an
> easy workaround?

I'm not sure. Is it the LDAP resultCode that causes the OS X clients to fail, or is it the SASL return code?

> Our Macs are mostly unusable until I can get this
> fixed.
>
> Thanks.
>
> Josh Kelley
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
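
Added example (not part of the original message and not FDS code): a minimal Python sketch of why a salted hash is enough for a simple bind but not for CRAM-MD5, which keys an HMAC with the password itself (RFC 2195). The `{SSHA256}` layout, the function names, the user `jdoe`, and the sample password, salt and challenge are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac

SCHEME = "{SSHA256}"  # assumed layout: base64(sha256(password + salt) + salt)

def ssha256_hash(password: bytes, salt: bytes) -> str:
    digest = hashlib.sha256(password + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode()

def simple_bind_ok(stored: str, presented: bytes) -> bool:
    # Simple bind: the client sends the password, so the server can re-hash it.
    raw = base64.b64decode(stored[len(SCHEME):])
    digest, salt = raw[:32], raw[32:]
    return hmac.compare_digest(hashlib.sha256(presented + salt).digest(), digest)

def cram_md5_response(user: str, password: bytes, challenge: bytes) -> str:
    # Client side (RFC 2195): HMAC-MD5 over the challenge, keyed with the password.
    return user + " " + hmac.new(password, challenge, hashlib.md5).hexdigest()

def cram_md5_verify(stored: str, challenge: bytes, response: str) -> str:
    # Server side: must key the same HMAC, so it needs the cleartext password.
    if stored.startswith(SCHEME):
        return "no-usable-secret"  # only a one-way hash is on file
    _user, digest = response.rsplit(" ", 1)
    expected = hmac.new(stored.encode(), challenge, hashlib.md5).hexdigest()
    return "ok" if hmac.compare_digest(expected, digest) else "bad-digest"

def demo() -> dict:
    password = b"correct horse"                  # constructed sample password
    challenge = b"<1234.5678@ldap.example.com>"  # constructed sample challenge
    hashed = ssha256_hash(password, b"8bytesalt")  # constructed sample salt
    response = cram_md5_response("jdoe", password, challenge)
    # Keying the HMAC with the hash string itself cannot reproduce the digest.
    wrong = hmac.new(hashed.encode(), challenge, hashlib.md5).hexdigest()
    return {
        "simple_bind_with_hash": simple_bind_ok(hashed, password),
        "cram_with_cleartext": cram_md5_verify(password.decode(), challenge, response),
        "cram_with_hash": cram_md5_verify(hashed, challenge, response),
        "hash_as_key_matches": wrong == response.rsplit(" ", 1)[1],
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
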