[Bug 1987992] Re: autofs: Missing support of SCRAM for SASL binds
rdratlos
1987992 at bugs.launchpad.net
Mon Sep 5 09:59:35 UTC 2022
I need further advice on how to proceed in fixing this issue.

Upstream has a strong focus on backward compatibility and support of
different LDAP implementations. Checks during configure (build) time
seem to be preferred over runtime checks. This strategy conflicts with
the Ubuntu packaging strategy for Cyrus SASL packages.

The currently followed strategy for fixing this issue is to add
libsasl2-modules-gssapi-mit to autofs build dependencies. This
automatically adds libsasl2-modules and we have most of the SASL
mechanisms available at build time. A configure message informs users
about the detected mechanisms.

On the other hand, SCRAM family authentication mechanisms should be
provided as part of the shared secret SASL authentication package
(libsasl2-modules). See bug #1988730. This is required to allow Heimdal
GSSAPI and SCRAM on clients. In this case, the provided patch would just
need to add libsasl2-modules to autofs build dependencies.

But still, Cyrus SASL packaging in Ubuntu makes it very difficult to
check and print all (installable) SASL bind/authentication mechanisms on
a server/workstation during build time.

Any ideas how to solve this hen and egg issue?
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to autofs in Ubuntu.
https://bugs.launchpad.net/bugs/1987992
Title:
autofs: Missing support of SCRAM for SASL binds
Status in autofs package in Ubuntu:
New
Bug description:
Most directory services now support the more secure Salted Challenge
Response Authentication Mechanism (SCRAM) for SASL binding (RFC 5802).
But automount users cannot request use of SCRAM, as automount does not
read user and password credentials for SCRAM mechanisms.

Sys admins that do not want to implement Kerberos based
authentication to their directory service using GSSAPI need to rely on
DIGEST-MD5, which is regarded as insecure.