[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8936) SASL/SCRAM-SHA-1 bind returns other(80) instead of invalidCredentials (49) in case of wrong password

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8936) SASL/SCRAM-SHA-1 bind returns other(80) instead of invalidCredentials (49) in case of wrong password
From: michael@stroeder.com
Date: Sun, 18 Nov 2018 18:20:07 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

On 11/18/18 7:13 PM, Quanah Gibson-Mount wrote:
> --On Sunday, November 18, 2018 5:48 PM +0000 hyc@symas.com wrote:
>> Sounds like this is an issue for the Cyrus SASL project. Their plugin is
>> returning a SASL_BADPROT error code on all failures, instead of a more
>> meaningful code like SASL_BADAUTH.
> 
> I opened <https://github.com/cyrusimap/cyrus-sasl/issues/545>

Thanks.

> since they're working on getting the 2.1.27 release out anytime now
> and this should likely be fixed as a part of that release.
It seems they cut the release yesterday:

ftp://ftp.cyrusimap.org/cyrus-sasl/

Nevermind, I'm not using SASL password mechs for anything serious. Just
stumbled across this while implementing a regression test for bad
password in ldap0 module which explicitly checks that
invalidCredentials(49) is returned.

Ciao, Michael.

Prev by Date: Re: (ITS#8936) SASL/SCRAM-SHA-1 bind returns other(80) instead of invalidCredentials (49) in case of wrong password
Next by Date: Re: (ITS#8936) SASL/SCRAM-SHA-1 bind returns other(80) instead of invalidCredentials (49) in case of wrong password
Index(es):
- Chronological
- Thread