[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: SASL EXTERNAL binds and sasl-secprops minssf > 0
- Subject: Re: SASL EXTERNAL binds and sasl-secprops minssf > 0
- From: David Hawes <dhawes@gmail.com>
- Date: Tue, 8 Aug 2017 14:11:23 -0400
- Cc: openldap-technical@openldap.org
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:cc; bh=tnAj0cwBfX57zQDy7b0SFdz+/FopDdXRe+guVUud46E=; b=ciTWZ1pfHcYwSfx9ITukM+B7p4DhS403YBO8xhg8lhFHrexO8GVZpuJB/2wZv2Qdx0 GsyxZLYsL140hsrxlpwRzs9CKjozyMFX7SQFKZQGANTw9FRJ5h0vwPlekhgTywRXaHd8 9CMAGjxTZtXMM2xQLgIQKFpQkdyaB7DHQFm12Ys8qwFBFpzKZDA0DfTeWkHJA5DznsKh 55Js3Clz+3cNOV4BlGUdxaY006s0PL37cYjSxYDu9pt89sWGJ71Oj0JDuPFawq+PbXgZ eqjl15q1hcADd2GinvuFEX0HpCp24qVW90EWy22izLHdResymqaaPKvf34bqlgCIAuKh I3mg==
- In-reply-to: <11EB229C09ED1605888DC984@192.168.1.30>
- References: <CACaXs1tiVWuLP-FtrACP9iJB0ExKRoHNy-ptq8321ZZi_omyAg@mail.gmail.com> <WM!559a86d85993fe69e7d15f9228f5b49582f8c1fdf6ddc4c60e428b369110f4b55a6fea0385f3623727230fc157acc226!@mailstronghold-2.zmailcloud.com> <11EB229C09ED1605888DC984@192.168.1.30>
On 7 August 2017 at 11:37, Quanah Gibson-Mount <quanah@symas.com> wrote:
> --On Saturday, August 05, 2017 3:05 PM -0400 David Hawes <dhawes@gmail.com>
> wrote:
>
>> With ITS #8568 [1], I notice that the first SASL EXTERNAL (using TLS
>> client auth) bind on a connection succeeds, but subsequent SASL
>> EXTERNAL binds on the same connection fail with:
>>
>> slapd[31088]: conn=1009 op=3 RESULT tag=97 err=48 text=SASL(-15):
>> mechanism too weak for this user: mech EXTERNAL is too weak
>
>
> Please file an ITS for this, thanks. I would think the expected behavior
> for SASL/EXTERNAL is the SASL SSF matches the TLS SSF, given it's a TLS
> encrypted connection.
>
ITS filed:
http://www.openldap.org/its/index.cgi/Incoming?id=8708;selectid=8708