[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL OTP and syncrepl

To: openldap-software@openldap.org
Subject: SASL OTP and syncrepl
From: manu@netbsd.org (Emmanuel Dreyfus)
Date: Thu, 3 Dec 2009 04:23:19 +0100
User-agent: MacSOUP/2.7 (unregistered for 1048 days)

Hello

When using SASL OTP, the one time password sequence number is stored in
a cmusaslsecretOTP attribute. On every successful authentication, it
should be decreased.

That works fine until used with a syncrepl setup: authenticating to a
replica may cause its local cmusaslsecretOTP, but this change will be
overriden by the value from the master.

As a result, I see sometime the sequence number decreasing just after a
succeeded authentication, but that does not last very long. Soon or
later, the older value is restored.

How is it supposed to work? As far as I understand, there needs to be
some code for the replica to send the update to the master. Is the code
missing, or do I have a configuration problem that prevent it from
working? Or do I hit a bug?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org

Follow-Ups:
- Re: SASL OTP and syncrepl
  - From: Howard Chu <hyc@symas.com>

Prev by Date: how to set an optimal cachesize into openldap
Next by Date: Re: SASL OTP and syncrepl
Index(es):
- Chronological
- Thread