Re: [PATCH v2 0/2] LDAP SASL bind further fix series

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On 17/11/22 14:57, Thomas A. Reim wrote:
Dear Ian,

we can't find the patches in list

Is there still work going on? Do you need further updates?

There's no problem, it's just me getting diverted to other


Rest assured I will get to committing the changes eventually.


Kind regards


On 12.09.22 02:58, ThomasReim wrote:
From: Thomas Reim <reimth@xxxxxxxxx>

Dear Ian,

please find two more patches for update of LDAP SASL bind in autofs. The
provided patches fix following issues:
- Missing support of SCRAM-*
   autofs 5.1.8 blocks use of SCRAM-* for SASL binding. DIGEST-MD5 is regarded    unsafe and has been marked obsolete by IANA. Implementations should use one    of the latest Salted Challenge Response Authentication Mechanisms (SCRAM)
   defined by IETF RFC-5802/RFC-7677 instead.
- OpenLDAP SASL mechanism auto-selection requires user credentials
   autofs 5.1.8 does not fetch user credentials from autofs_ldap_auth.conf if    users set authrequired="autodetect" without specifying one of the user    credential based SASL mechanisms in attribute authtype. SASL binding using    function ldap_sasl_interactive_bind() will fail with error SASL(-13): user    not found: no secret in database. Seamless auto-selection of an SASL mechanism
   using OpenLDAP requires specification of user credentials.

Thomas Reim (2):
   autofs-5.1.8 - support SCRAM for SASL binding
   autofs-5.1.8 - ldap_sasl_interactive_bind() needs credentials for

  man/ |  2 +-
  modules/cyrus-sasl.c           |  4 +--
  modules/lookup_ldap.c          | 48 +++++++++++++++++++++++++++-------
  3 files changed, 41 insertions(+), 13 deletions(-)

[Index of Archives]     [Linux Filesystem Development]     [Linux Ext4]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux