Re: Timeouts over LDAPS
Martin Sandsmark <sandsmark@samfundet.no> writes:
> If we use just plain ldap (not using openssl), the connection times out
> rather quickly, and pam tries the next authentication method which works
> as expected, and the problem can be fixed. But unfortunately that also
> opens up some security risks, since we can't be sure we connect to the
> proper ldap server.
I have had this problem with other applications that use OpenSSL, and the
last time I looked at one in detail, figuring out how to get OpenSSL to
time out properly when it's in the middle of its own internal handling was
surprisingly tricky. However, I don't know if this has already been dealt
with in OpenLDAP's client libraries somehow.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
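
The failure mode discussed in this thread, as an added example that is not part of the original messages: a peer accepts the TCP connection but never answers the TLS handshake, and the client bounds the wait with a socket timeout while keeping certificate verification on. It uses Python's ssl module (which wraps OpenSSL) rather than OpenLDAP's client libraries; the stalled server and all function names are constructed for the illustration.

```python
import socket
import ssl
import threading
import time


def start_stalled_server():
    """Constructed peer: accepts TCP connections but never answers the ClientHello."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # ephemeral loopback port
    listener.listen(5)
    held = []  # keep accepted sockets open so the client sees silence, not a reset

    def accept_loop():
        while True:
            try:
                conn, _ = listener.accept()
            except OSError:
                return  # listener was closed
            held.append(conn)

    threading.Thread(target=accept_loop, daemon=True).start()
    return listener, held


def tls_connect_with_deadline(host, port, timeout):
    """Return (outcome, elapsed_seconds) for a TLS connect bounded by `timeout`."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay enabled
    start = time.monotonic()
    try:
        # The timeout stays set on the socket, so it also bounds the handshake reads.
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                outcome = "connected"
    except (socket.timeout, TimeoutError):
        outcome = "timeout"  # caller can now fall through to the next auth method
    except (ssl.SSLError, OSError) as exc:
        outcome = "error: %s" % exc.__class__.__name__
    return outcome, time.monotonic() - start


if __name__ == "__main__":
    listener, held = start_stalled_server()
    port = listener.getsockname()[1]
    print(tls_connect_with_deadline("127.0.0.1", port, timeout=1.0))
    listener.close()
```

Without the timeout argument the same handshake blocks for as long as the peer stays silent, which is the hang described above.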