Josh Kelley wrote:
SASL authentication appears to be operating incorrectly on my install of FDS. We do not use SASL; our passwords are stored in FDS using CRYPT-MD5, SMD5, and SSHA256, depending on when and how the account's password was last changed. As I understand it, SASL authentication using DIGEST-MD5 and CRAM-MD5 only works if passwords are stored in cleartext in FDS. Is this correct?
Yes.
I'm not sure. Is it the LDAP resultCode that causes the OS X clients to fail, or is it the SASL return code?The problem is that our OS X clients, when configured for LDAP authentication, try a SASL bind (CRAM-MD5) first then fall back to a simple bind if that fails. When OS X checks a login against an OpenLDAP server, the server returns resultCode 80 (other), error message "SASL(-13): user not found: no secret in database", and so the client falls back to a simple bind. However, when OS X tries a SASL bind against FDS, the server returns resultCode 49 (invalidCredentials), error message "SASL(-13): authentication failure: incorrect digest response", and so the client assumes that the login failed. Is this a bug in FDS? Or did I misconfigure something? Is there an easy workaround?
Our Macs are mostly unusable until I can get this fixed. Thanks. Josh Kelley -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
