[Bug 1987992] Re: autofs: Missing support of SCRAM for SASL binds
rdratlos
1987992 at bugs.launchpad.net
Mon Sep 5 09:35:00 UTC 2022
Attached patch contains a first idea how to solve this issue. It has not
yet been proposed to upstream, as the patch checks for SASL mechanisms
that are supported by Cyrus libsasl2 during build.
Current Ubuntu approach is to provide SASL bind mechanims as optional
packages (libsasl2-modules, libsasl2-modules-gssapi-mit), which are not
a build dependency of the Cyrus SASL source package.
Therefore, this attached patch requires to add libsasl2-modules-gssapi-
mit to the build dependencies in debian/rules.
** Patch added: "Enable SCRAM for SASL binding"
https://bugs.launchpad.net/ubuntu/+source/autofs/+bug/1987992/+attachment/5613735/+files/autofs-5.1.8-support-SCRAM-for-SASL-binding.patch
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to autofs in Ubuntu.
https://bugs.launchpad.net/bugs/1987992
Title:
autofs: Missing support of SCRAM for SASL binds
Status in autofs package in Ubuntu:
New
Bug description:
Most directory services now support the more secure Salted Challenge
Response Authentication Mechanismis (SCRAM) for SASL binding (RFC 5802).
But automount user cannot request use of SCRAM, as automount does not
read user and password credentials for SCRAM mechanisms.
For sys admins that do not want to implement Kerberos based
authentication to their directory service using GSSAPI need to rely on
DIGEST-MD5, which is regarded as insecure.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/autofs/+bug/1987992/+subscriptions
More information about the foundations-bugs
mailing list