[Date Prev][Date Next]
Re: SLAPD fails to handle concurrent SASL logins (ITS#1949)
This appears to be a bug in Cyrus SASL 2.1.
It appears to be using its global context in
places where it should be using its session context.
At 05:16 PM 2002-07-14, firstname.lastname@example.org wrote:
>Full_Name: Andrew Findlay
>Version: HEAD 15 July 2002
>OS: Linux Redhat 7.3
>Submission from: (NULL) (220.127.116.11)
>If two LDAP sessions simultaneously try to authenticate using SASL DIGEST-MD5,
>them fails with the message 'nonce changed: authentication aborted'.
>To reproduce, start two windows (I will call them A and B) and issue commands as
>A: ldapsearch -U <valid username A> -b dc=example,dc=org cn=xyzzy
>B: ldapsearch -U <valid username B> -b dc=example,dc=org cn=plugh
>A: give password for first user
> (this fails)
>B: give password for second user
> (this works)
>It does not matter whether the two sessions use different usernames or the same
>It appears that the nonce is not being stored per-session during the
>I am using Cyrus SASL 2.1.5