[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: SASL External : unknown authentication method

To: "'Francois Beretti'" <francois.beretti@enatel.com>
Subject: RE: SASL External : unknown authentication method
From: "Howard Chu" <hyc@highlandsun.com>
Date: Mon, 12 May 2003 04:04:49 -0700
Cc: "'Liste OpenLDAP Software'" <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <1052736033.5113.302.camel@linux-integ.enatel.local>

> -----Original Message-----
> From: Francois Beretti [mailto:francois.beretti@enatel.com]

> Hello Howard

>> Your debug log indicates that the server configuration is OK. The problem
>> seems to be that the client is unable to use the EXTERNAL mechanism. The "No
>> worthy mechs found" message usually means that the available mechanisms
>> didn't provide strong enough security.

> ldap_sasl_interactive_bind_s: Unknown authentication method (86)
>         additional info: SASL(-4): no mechanism available: No worthy
> mechs found
> 
> I am unable to find any useful info, i would really 
> appreciate your help
> thanks !

Oh, I just remembered - this is a bug in Cyrus SASL 2.1.10, it doesn't set the correct security flags on the EXTERNAL mechanism. That's why it comes back with "no worthy mechs found" - the SASL client library wrongly decides that EXTERNAL isn't strong enough. I wrote a simple patch for this months ago, but you'd be better off upgrading to Cyrus SASL 2.1.13.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

References:
- RE: SASL External : unknown authentication method
  - From: Francois Beretti <francois.beretti@enatel.com>

Prev by Date: RE: SASL External : unknown authentication method
Next by Date: Re: SASL External : unknown authentication method
Index(es):
- Chronological
- Thread