
Re: SLAPD fails to handle concurrent SASL logins (ITS#1949)



This appears to be a bug in Cyrus SASL 2.1.
It appears to be using its global context in
places where it should be using its session context.

Kurt

At 05:16 PM 2002-07-14, andrew.findlay@skills-1st.co.uk wrote:
>Full_Name: Andrew Findlay
>Version: HEAD 15 July 2002
>OS: Linux Redhat 7.3
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (217.206.98.194)
>
>
>If two LDAP sessions simultaneously try to authenticate using SASL DIGEST-MD5,
>one of them fails with the message 'nonce changed: authentication aborted'.
>
>To reproduce, start two windows (I will call them A and B) and issue commands
>as follows:
>
>A: ldapsearch -U <valid username A> -b dc=example,dc=org cn=xyzzy
>B: ldapsearch -U <valid username B> -b dc=example,dc=org cn=plugh
>A: give password for first user
>   (this fails)
>B: give password for second user
>   (this works)
>
>It does not matter whether the two sessions use different usernames or the
>same one.
>
>It appears that the nonce is not being stored per-session during the
>authentication process.
>
>I am using Cyrus SASL 2.1.5
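
Added example (not part of the thread, and not Cyrus SASL or OpenLDAP code): a simplified C model of the failure mode discussed above, where a challenge nonce held in global state is overwritten by a second session's challenge before the first session responds. The `session` struct, the counter-based nonce and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NONCE_LEN 17

/* Hypothetical per-connection context; not a Cyrus SASL structure. */
struct session { char nonce[NONCE_LEN]; };

static char global_nonce[NONCE_LEN]; /* shared by every connection: the flaw */
static unsigned counter;             /* stands in for a random nonce source */

/* Step 1: the server issues a challenge. The nonce is saved in both
   places so the two verification strategies can be compared. */
static void issue_challenge(struct session *s) {
    snprintf(s->nonce, NONCE_LEN, "nonce-%08u", ++counter);
    memcpy(global_nonce, s->nonce, NONCE_LEN);
}

/* Step 2 (flawed): compare the nonce echoed by the client with the global copy. */
static int verify_global(const struct session *s, const char *echoed) {
    (void)s;
    return strcmp(global_nonce, echoed) == 0;
}

/* Step 2 (corrected): compare with the nonce stored in this session. */
static int verify_session(const struct session *s, const char *echoed) {
    return strcmp(s->nonce, echoed) == 0;
}

/* Replays the ordering from the report: A starts, B starts, A answers,
   B answers. Bit 0 of the result is set if A is accepted, bit 1 if B is. */
static int replay(int (*verify)(const struct session *, const char *)) {
    struct session a, b;
    char a_echo[NONCE_LEN], b_echo[NONCE_LEN];
    issue_challenge(&a); memcpy(a_echo, a.nonce, NONCE_LEN);
    issue_challenge(&b); memcpy(b_echo, b.nonce, NONCE_LEN);
    return verify(&a, a_echo) | (verify(&b, b_echo) << 1);
}

int main(void) {
    printf("global state: %d, per-session state: %d\n",
           replay(verify_global), replay(verify_session));
    return 0;
}
```

With the global copy only B is accepted, matching the reported symptom; with per-session storage both are accepted.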