SLAPD fails to handle concurrent SASL logins (ITS#1949)



Full_Name: Andrew Findlay
Version: HEAD 15 July 2002
OS: Linux Redhat 7.3
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (217.206.98.194)


If two LDAP sessions simultaneously try to authenticate using SASL DIGEST-MD5,
one of them fails with the message 'nonce changed: authentication aborted'.

To reproduce, start two windows (I will call them A and B) and issue commands as
follows:

A: ldapsearch -U <valid username A> -b dc=example,dc=org cn=xyzzy
B: ldapsearch -U <valid username B> -b dc=example,dc=org cn=plugh
A: give password for first user
   (this fails)
B: give password for second user
   (this works)

It does not matter whether the two sessions use different usernames or the same
one.

It appears that the nonce is not being stored per-session during the
authentication process.

I am using Cyrus SASL 2.1.5.
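
The following is an added example, not part of the original report and not OpenLDAP or Cyrus SASL code. It models the failure mode the report suspects: a server that keeps the challenge nonce in one shared slot rejects the first of two interleaved logins, while one that keeps it in per-connection state accepts both. All names are hypothetical, and only the nonce comparison is simulated (no digest computation).

```c
/* Constructed model of the suspected bug: nonce check only, no real SASL. */
#include <stdio.h>
#include <string.h>

#define NONCE_LEN 17

struct session { char nonce[NONCE_LEN]; };  /* per-connection auth state */

static char shared_nonce[NONCE_LEN];        /* one slot shared by all connections */
static unsigned counter;                    /* stand-in for a random source */

/* Step 1: the server issues a challenge. The nonce is saved in `store`
 * and a copy is sent to the client in `challenge`. */
static void issue_challenge(char *store, char *challenge) {
    snprintf(store, NONCE_LEN, "%016x", ++counter * 2654435761u);
    memcpy(challenge, store, NONCE_LEN);
}

/* Step 2: the server compares the nonce echoed by the client with the
 * one it saved. A mismatch corresponds to "nonce changed". */
static int verify_response(const char *store, const char *echoed) {
    return strcmp(store, echoed) == 0;
}

/* Interleave logins A and B as in the report: both receive a challenge
 * before either answers. Returns bit 0 = A accepted, bit 1 = B accepted. */
int run_interleaved(int per_session) {
    struct session a, b;
    char chal_a[NONCE_LEN], chal_b[NONCE_LEN];
    char *store_a = per_session ? a.nonce : shared_nonce;
    char *store_b = per_session ? b.nonce : shared_nonce;

    issue_challenge(store_a, chal_a);   /* A starts, waits at password prompt */
    issue_challenge(store_b, chal_b);   /* B starts before A has answered */
    int ok_a = verify_response(store_a, chal_a);  /* A gives password */
    int ok_b = verify_response(store_b, chal_b);  /* B gives password */
    return ok_a | (ok_b << 1);
}

int main(void) {
    int shared = run_interleaved(0), scoped = run_interleaved(1);
    printf("shared slot: A=%d B=%d\n", shared & 1, shared >> 1);
    printf("per session: A=%d B=%d\n", scoped & 1, scoped >> 1);
    return 0;
}
```

With the shared slot the model gives the same outcome as the reproduction steps (A fails, B works), which is consistent with the report's hypothesis but does not confirm it as the root cause in slapd.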