Re: Timeouts over LDAPS

Martin Sandsmark <sandsmark@samfundet.no> writes:

> If we use just plain ldap (not using openssl), the connection times out
> rather quickly, and pam tries the next authentication method which works
> as expected, and the problem can be fixed. But unfortunately that also
> opens up some security risks, since we can't be sure we connect to the
> proper ldap server.

I have had this problem with other applications that use OpenSSL, and the
last time I looked at one in detail, figuring out how to get OpenSSL to
time out properly when it's in the middle of its own internal handling was
surprisingly tricky.  However, I don't know if this has already been dealt
with in OpenLDAP's client libraries somehow.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
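
Added example, not part of the original thread and not code from OpenLDAP, PAM or either poster: a sketch of keeping certificate verification on while still bounding a stalled TLS handshake, using Python's ssl module (a wrapper around OpenSSL) as a stand-in for the client library. It assumes the stall is a peer that accepts the TCP connection but never answers the handshake; the function names and the loopback listener are constructed for the demonstration.

```python
import socket
import ssl
import time


def silent_listener():
    """Constructed stand-in for a hung LDAPS peer: TCP completes, TLS never starts."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)  # kernel finishes the TCP handshake; nothing accept()s or replies
    return srv


def probe_tls(host, port, connect_timeout, handshake_timeout):
    """Return (outcome, seconds). Certificate and hostname checks stay enabled."""
    ctx = ssl.create_default_context()
    start = time.monotonic()
    try:
        raw = socket.create_connection((host, port), timeout=connect_timeout)
    except OSError:
        return "connect-failed", time.monotonic() - start
    try:
        # Per-operation socket timeout applied to the handshake reads and writes.
        raw.settimeout(handshake_timeout)
        ctx.wrap_socket(raw, server_hostname=host).close()
        return "handshake-ok", time.monotonic() - start
    except socket.timeout:
        return "handshake-timeout", time.monotonic() - start
    except (ssl.SSLError, OSError):
        return "handshake-failed", time.monotonic() - start
    finally:
        raw.close()


def demo():
    """Probe the silent listener: the connect succeeds, the handshake times out."""
    srv = silent_listener()
    try:
        return probe_tls("127.0.0.1", srv.getsockname()[1], 2.0, 0.5)
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo())
```

The socket timeout here applies to each read or write, not to the handshake as a whole, so a peer that trickles bytes can still stretch the total time; a hard overall deadline needs a separate timer around the call.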