[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
SASL DIGEST-MD5 auth. and multiple attempts (ITS#2803)
Full_Name: Salvador Fandino
Version: 2.1.23
OS: Linux 2.2
URL:
Submission from: (NULL) (213.250.160.50)
Hi,
I have a server that uses SASL Digest MD5 authentication and have found that...
1- If the user uses his correct name and password for the first time it tries to
authenticate, OpenLDAP authenticates it ok
2- but when he uses bad username or password the first time, OpenLDAP will also
refuse to authenticate the user on later attemps if the same nonce is used.
Below is a "conversation" with the OpenLDAP server showing the problem.
Cheers,
- Salvador.
# initial sasl binding:
=> ldap_sasl_bind(NULL, DIGEST-MD5, NULL): rc=0, id=1
=> ldap_result(1): rc=97
=> ldap_parse_sasl_bind_result(...): rc=14,
out=|nonce="qW/pmeJB3OCGadj+LcGEdnvODhOrQX8L9S9nkfRbuWc=",realm="crunc-demo",qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=65536,charset=utf-8,algorithm=md5-sess|
# authentication attempt with wrong user & passwd
=> ldap_sasl_bind(NULL, DIGEST-MD5,
|charset=utf-8,cnonce="3288eef954a18a57e58cc1b68097f22b",digest-uri="ldap/crunc",nc=00000001,nonce="qW/pmeJB3OCGadj+LcGEdnvODhOrQX8L9S9nkfRbuWc=",qop="auth-int",realm="crunc-demo",response=7d0d6edca56165b2d3d05559ce2b8751,username="anonymous"|):
rc=0, id=2
=> ldap_result(2): 97
=> ldap_parse_sasl_bind_result(...): rc=80, out=||
# new authentication attempt with the correct user & passwd using the same
nonce.
=> ldap_sasl_bind(NULL, DIGEST-MD5,
|charset=utf-8,cnonce="3288eef954a18a57e58cc1b68097f22b",digest-uri="ldap/crunc",nc=00000002,nonce="qW/pmeJB3OCGadj+LcGEdnvODhOrQX8L9S9nkfRbuWc=",qop="auth-int",realm="crunc-demo",response=74df0fe66f655dbb469967b1332f622f,username="test"|):
rc=0, id=3
=> ldap_result(3): 97
=> ldap_parse_sasl_bind_result(...): rc=14,
out=|nonce="XhzLBce/vGFJadN4NN6QJiy3cd1f27hYplauV9DYLfY=",realm="crunc-demo",qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=65536,charset=utf-8,algorithm=md5-sess|