[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SLAPD fails to handle concurrent SASL logins (ITS#1949)

This appears to be a bug in Cyrus SASL 2.1.
It appears to be using its global context in
places where it should be using its session context.


At 05:16 PM 2002-07-14, andrew.findlay@skills-1st.co.uk wrote:
>Full_Name: Andrew Findlay
>Version: HEAD 15 July 2002
>OS: Linux Redhat 7.3
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (
>If two LDAP sessions simultaneously try to authenticate using SASL DIGEST-MD5,
>one of
>them fails with the message 'nonce changed: authentication aborted'.
>To reproduce, start two windows (I will call them A and B) and issue commands as
>A: ldapsearch -U <valid username A> -b dc=example,dc=org cn=xyzzy
>B: ldapsearch -U <valid username B> -b dc=example,dc=org cn=plugh
>A: give password for first user
>   (this fails)
>B: give password for second user
>   (this works)
>It does not matter whether the two sessions use different usernames or the same
>It appears that the nonce is not being stored per-session during the
>authentication process.
>I am using Cyrus SASL 2.1.5