From: Thomas Reim <reimth@xxxxxxxxx> Dear Ian, please find two more patches for update of LDAP SASL bind in autofs. The provided patches fix following issues: - Missing support of SCRAM-* autofs 5.1.8 blocks use of SCRAM-* for SASL binding. DIGEST-MD5 is regarded unsafe and has been marked obsolete by IANA. Implementations should use one of the latest Salted Challenge Response Authentication Mechanisms (SCRAM) defined by IETF RFC-5802/RFC-7677 instead. - OpenLDAP SASL mechanism auto-selection requires user credentials autofs 5.1.8 does not fetch user credentials from autofs_ldap_auth.conf if users set authrequired="autodetect" without specifying one of the user credential based SASL mechanisms in attribute authtype. SASL binding using function ldap_sasl_interactive_bind() will fail with error SASL(-13): user not found: no secret in database. Seamless auto-selection of an SASL mechanism using OpenLDAP requires specification of user credentials. Thomas Reim (2): autofs-5.1.8 - support SCRAM for SASL binding autofs-5.1.8 - ldap_sasl_interactive_bind() needs credentials for auto-detection man/autofs_ldap_auth.conf.5.in | 2 +- modules/cyrus-sasl.c | 4 ++-- modules/lookup_ldap.c | 41 +++++++++++++++++++++++++--------- 3 files changed, 34 insertions(+), 13 deletions(-) -- 2.37.2