[PATCH 0/2] LDAP SASL bind further fix series

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Thomas Reim <reimth@xxxxxxxxx>

Dear Ian,

please find two more patches for update of LDAP SASL bind in autofs. The
provided patches fix following issues:
- Missing support of SCRAM-*
  autofs 5.1.8 blocks use of SCRAM-* for SASL binding. DIGEST-MD5 is regarded
  unsafe and has been marked obsolete by IANA. Implementations should use one
  of the latest Salted Challenge Response Authentication Mechanisms (SCRAM)
  defined by IETF RFC-5802/RFC-7677 instead.
- OpenLDAP SASL mechanism auto-selection requires user credentials
  autofs 5.1.8 does not fetch user credentials from autofs_ldap_auth.conf if
  users set authrequired="autodetect" without specifying one of the user
  credential based SASL mechanisms in attribute authtype. SASL binding using
  function ldap_sasl_interactive_bind() will fail with error SASL(-13): user
  not found: no secret in database. Seamless auto-selection of an SASL mechanism
  using OpenLDAP requires specification of user credentials.

Thomas Reim (2):
  autofs-5.1.8 - support SCRAM for SASL binding
  autofs-5.1.8 - ldap_sasl_interactive_bind() needs credentials for
    auto-detection

 man/autofs_ldap_auth.conf.5.in |  2 +-
 modules/cyrus-sasl.c           |  4 ++--
 modules/lookup_ldap.c          | 41 +++++++++++++++++++++++++---------
 3 files changed, 34 insertions(+), 13 deletions(-)

-- 
2.37.2




[Index of Archives]     [Linux Filesystem Development]     [Linux Ext4]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux