RE: SASL DIGEST-MD5 auth. and multiple attempts (ITS#2803)
> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of sfandino@yahoo.com
> Full_Name: Salvador Fandino
> Version: 2.1.23
> OS: Linux 2.2
> URL:
> Submission from: (NULL) (213.250.160.50)
>
>
> Hi,
>
> I have a server that uses SASL Digest MD5 authentication and
> have found that...
>
> 1- If the user uses his correct name and password for the first time it
> tries to authenticate, OpenLDAP authenticates it ok
>
> 2- but when he uses bad username or password the first time, OpenLDAP will
> also refuse to authenticate the user on later attempts if the same nonce
> is used.
The nonce cannot be re-used. After a failed authentication attempt the SASL
context (which provided the original nonce) is disposed of. You have to
re-start the Bind sequence from the initial request. This is not an OpenLDAP
bug, this report will be closed.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
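
The behaviour described in the reply above, as an added example that is not part of the original thread and is not OpenLDAP or Cyrus SASL code: a small model of a per-Bind context whose nonce is dropped after a failed DIGEST-MD5 attempt, using the RFC 2831 response calculation for qop=auth. `BindContext`, the result strings, the account, realm and digest-uri are hypothetical, constructed values.

```python
import hashlib, hmac, secrets

def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def digest_response(user, realm, password, nonce, cnonce, digest_uri,
                    nc="00000001", qop="auth"):
    """RFC 2831 response-value for qop=auth with no authzid."""
    a1 = _md5(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd = f"{_md5(a1).hex()}:{nonce}:{nc}:{cnonce}:{qop}:{_md5(a2).hex()}"
    return hashlib.md5(kd.encode()).hexdigest()

class BindContext:
    """Hypothetical stand-in for the server's per-Bind SASL context."""
    def __init__(self, realm, digest_uri, users):
        self.realm, self.digest_uri, self.users = realm, digest_uri, users
        self.nonce = secrets.token_hex(16)      # issued once, in the challenge

    def verify(self, user, nonce, cnonce, response):
        if self.nonce is None or not hmac.compare_digest(nonce, self.nonce):
            return "nonce-not-valid"            # context already disposed of
        password = self.users.get(user, "")
        expected = digest_response(user, self.realm, password, nonce,
                                   cnonce, self.digest_uri)
        if user in self.users and hmac.compare_digest(expected, response):
            return "success"
        self.nonce = None                       # failed attempt: drop the context
        return "invalid-credentials"

def demo():
    realm, uri = "example.org", "ldap/ldap.example.org"  # constructed values
    users = {"alice": "correct-pw"}                        # constructed account
    ctx = BindContext(realm, uri, users)
    nonce, cnonce = ctx.nonce, secrets.token_hex(8)
    bad = digest_response("alice", realm, "wrong-pw", nonce, cnonce, uri)
    good = digest_response("alice", realm, "correct-pw", nonce, cnonce, uri)
    first = ctx.verify("alice", nonce, cnonce, bad)      # wrong password
    retry = ctx.verify("alice", nonce, cnonce, good)     # same nonce, right password
    ctx2 = BindContext(realm, uri, users)                # Bind restarted: new challenge
    cnonce2 = secrets.token_hex(8)
    fresh = ctx2.verify("alice", ctx2.nonce, cnonce2, digest_response(
        "alice", realm, "correct-pw", ctx2.nonce, cnonce2, uri))
    return first, retry, fresh

if __name__ == "__main__":
    print(demo())
```

The second call fails even though the password is now correct, because the response is computed over a nonce the server no longer holds; only the restarted exchange with a new challenge succeeds.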