Bug 456456
| Summary: | There is no way to tell apart an unauthenticated bind from an anonymous bind | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Retired] 389 | Reporter: | Loris Santamaria <loris.santamaria> | ||||
| Component: | Security - Access Control (ACL) | Assignee: | Rich Megginson <rmeggins> | ||||
| Status: | CLOSED DUPLICATE | QA Contact: | Chandrasekar Kannan <ckannan> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 1.1.1 | CC: | benl, nkinder | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | All | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2008-11-07 22:28:52 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 249650 | ||||||
| Attachments: |
|
||||||
|
Description
Loris Santamaria
2008-07-23 19:51:09 UTC
Created attachment 312602 [details]
Plugin to disable unauthenticated binds
The above plugin checks if the users sends a DN but no password (unauthenticated bind), and if it is the case, it returns an error code 32 (Unwilling to perform) Tested with anonymous connections, unauthenticated binds, plain binds, and SASL GSSAPI connections. Feel free to modify, use, or trash the plugin at your will. Thanks! We'll have a look at it once we get a little time. We will need a CLA to accept this code - http://directory.fedoraproject.org/wiki/Contributing - if you already have an account with the Fedora Account System, you can fill out the CLA on-line - if you do so, or if you have already done this, just let me know what your FAS account name is - https://admin.fedoraproject.org/accounts/ I've registered an account, and the account name is loris This is a duplicate of 316241. We definitely appreciate the contribution, but the fix in the other bug is in the core server code with a configuration attribute to control the behavior as opposed to a new separate plug-in. For a feature this simple, it is preferred to not have to have an entire plug-in, so we are going to go with that approach. *** This bug has been marked as a duplicate of bug 316241 *** |