Re: [PATCH v2 0/2] LDAP SASL bind further fix series

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Dear Ian,

we can't find the patches in list

Is there still work going on? Do you need further updates?

Kind regards


On 12.09.22 02:58, ThomasReim wrote:
From: Thomas Reim <reimth@xxxxxxxxx>

Dear Ian,

please find two more patches for update of LDAP SASL bind in autofs. The
provided patches fix following issues:
- Missing support of SCRAM-*
   autofs 5.1.8 blocks use of SCRAM-* for SASL binding. DIGEST-MD5 is regarded
   unsafe and has been marked obsolete by IANA. Implementations should use one
   of the latest Salted Challenge Response Authentication Mechanisms (SCRAM)
   defined by IETF RFC-5802/RFC-7677 instead.
- OpenLDAP SASL mechanism auto-selection requires user credentials
   autofs 5.1.8 does not fetch user credentials from autofs_ldap_auth.conf if
   users set authrequired="autodetect" without specifying one of the user
   credential based SASL mechanisms in attribute authtype. SASL binding using
   function ldap_sasl_interactive_bind() will fail with error SASL(-13): user
   not found: no secret in database. Seamless auto-selection of an SASL mechanism
   using OpenLDAP requires specification of user credentials.

Thomas Reim (2):
   autofs-5.1.8 - support SCRAM for SASL binding
   autofs-5.1.8 - ldap_sasl_interactive_bind() needs credentials for

  man/ |  2 +-
  modules/cyrus-sasl.c           |  4 +--
  modules/lookup_ldap.c          | 48 +++++++++++++++++++++++++++-------
  3 files changed, 41 insertions(+), 13 deletions(-)

[Index of Archives]     [Linux Filesystem Development]     [Linux Ext4]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux