[Date Prev][Date Next]
Re: Timeouts over LDAPS
Martin Sandsmark <firstname.lastname@example.org> writes:
> If we use just plain ldap (not using openssl), the connection times out
> rather quickly, and pam tries the next authentication method which works
> as expected, and the problem can be fixed. But unfortunately that also
> opens up some security risks, since we can't be sure we connect to the
> proper ldap server.
I have had this problem with other applications that use OpenSSL, and the
last time I looked at one in detail, figuring out how to get OpenSSL to
time out properly when it's in the middle of its own internal handling was
surprisingly tricky. However, I don't know if this has already been dealt
with in OpenLDAP's client libraries somehow.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>