Dear Ian,
we can't find the patches in list
https://mirrors.edge.kernel.org/pub/linux/daemons/autofs/v5/patches-5.1.9/.
Is there still work going on? Do you need further updates?
Kind regards
Thomas
On 12.09.22 02:58, ThomasReim wrote:
From: Thomas Reim <reimth@xxxxxxxxx>
Dear Ian,
please find two more patches for update of LDAP SASL bind in autofs. The
provided patches fix following issues:
- Missing support of SCRAM-*
autofs 5.1.8 blocks use of SCRAM-* for SASL binding. DIGEST-MD5 is regarded
unsafe and has been marked obsolete by IANA. Implementations should use one
of the latest Salted Challenge Response Authentication Mechanisms (SCRAM)
defined by IETF RFC-5802/RFC-7677 instead.
- OpenLDAP SASL mechanism auto-selection requires user credentials
autofs 5.1.8 does not fetch user credentials from autofs_ldap_auth.conf if
users set authrequired="autodetect" without specifying one of the user
credential based SASL mechanisms in attribute authtype. SASL binding using
function ldap_sasl_interactive_bind() will fail with error SASL(-13): user
not found: no secret in database. Seamless auto-selection of an SASL mechanism
using OpenLDAP requires specification of user credentials.
Thomas Reim (2):
autofs-5.1.8 - support SCRAM for SASL binding
autofs-5.1.8 - ldap_sasl_interactive_bind() needs credentials for
auto-detection
man/autofs_ldap_auth.conf.5.in | 2 +-
modules/cyrus-sasl.c | 4 +--
modules/lookup_ldap.c | 48 +++++++++++++++++++++++++++-------
3 files changed, 41 insertions(+), 13 deletions(-)
