[Fedora-directory-users] SASL authentication
Richard Megginson
rmeggins at redhat.com
Thu Sep 7 20:57:52 UTC 2006
Josh Kelley wrote:
> SASL authentication appears to be operating incorrectly on my install
> of FDS. We do not use SASL; our passwords are stored in FDS using
> CRYPT-MD5, SMD5, and SSHA256, depending on when and how the account's
> password was last changed. As I understand it, SASL authentication
> using DIGEST-MD5 and CRAM-MD5 only works if passwords are stored in
> cleartext in FDS. Is this correct?
Yes.
>
> The problem is that our OS X clients, when configured for LDAP
> authentication, try a SASL bind (CRAM-MD5) first then fall back to a
> simple bind if that fails. When OS X checks a login against an
> OpenLDAP server, the server returns resultCode 80 (other), error
> message "SASL(-13): user not found: no secret in database", and so the
> client falls back to a simple bind. However, when OS X tries a SASL
> bind against FDS, the server returns resultCode 49
> (invalidCredentials), error message "SASL(-13): authentication
> failure: incorrect digest response", and so the client assumes that
> the login failed.
>
> Is this a bug in FDS? Or did I misconfigure something? Is there an
> easy workaround?
I'm not sure. Is it the LDAP resultCode that causes the OS X clients to
fail, or is it the SASL return code?
> Our Macs are mostly unusable until I can get this
> fixed.
>
> Thanks.
>
> Josh Kelley
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20060907/b350d3a9/attachment.bin>
More information about the Fedora-directory-users
mailing list