On 17/11/22 14:57, Thomas A. Reim wrote:
Dear Ian,
we can't find the patches in list
https://mirrors.edge.kernel.org/pub/linux/daemons/autofs/v5/patches-5.1.9/.
Is there still work going on? Do you need further updates?
There's no problem, it's just me getting diverted to other
tasks.
Rest assured I will get to committing the changes eventually.
Ian
Kind regards
Thomas
On 12.09.22 02:58, ThomasReim wrote:
From: Thomas Reim <reimth@xxxxxxxxx>
Dear Ian,
please find two more patches for update of LDAP SASL bind in autofs. The
provided patches fix the following issues:
- Missing support of SCRAM-*
  autofs 5.1.8 blocks use of SCRAM-* for SASL binding. DIGEST-MD5 is regarded
  unsafe and has been marked obsolete by IANA. Implementations should use one
  of the latest Salted Challenge Response Authentication Mechanisms (SCRAM)
  defined by IETF RFC-5802/RFC-7677 instead.
- OpenLDAP SASL mechanism auto-selection requires user credentials
  autofs 5.1.8 does not fetch user credentials from autofs_ldap_auth.conf if
  users set authrequired="autodetect" without specifying one of the user
  credential based SASL mechanisms in attribute authtype. SASL binding using
  function ldap_sasl_interactive_bind() will fail with error SASL(-13): user
  not found: no secret in database. Seamless auto-selection of an SASL mechanism
  using OpenLDAP requires specification of user credentials.
Thomas Reim (2):
autofs-5.1.8 - support SCRAM for SASL binding
autofs-5.1.8 - ldap_sasl_interactive_bind() needs credentials for auto-detection
man/autofs_ldap_auth.conf.5.in | 2 +-
modules/cyrus-sasl.c | 4 +--
modules/lookup_ldap.c | 48 +++++++++++++++++++++++++++-------
3 files changed, 41 insertions(+), 13 deletions(-)