same SASL config that works on CentOS5 & 6 fails on CentOS7

Paul Raines raines at nmr.mgh.harvard.edu
Fri Sep 28 16:24:25 EDT 2018


On Fri, 28 Sep 2018 4:12pm, Quanah Gibson-Mount wrote:

>       External Email - Use Caution 
> --On Friday, September 28, 2018 4:58 PM -0400 Paul Raines 
> <raines at nmr.mgh.harvard.edu> wrote:
>
>> Running 'host ldap.foobar.org' on the C6 and C7 machine both return the
>> exact same four lines/IPs.  Reverse DNS of the 4 IPs using the host
>> command is also the same on both C6 and C7 machines.  It really looks
>> like OpenLDAP is
>> just not doing the reverse DNS on C7 when building the MD5 digest
>
> Hi Paul,
>
> Again, as I stated, there have been no changes to OpenLDAP in this area. 
> Additionally, OpenLDAP leverages cyrus-sasl for SASL mechanism negotiations. 
> The culprit most likely would be a change in the version of cyrus-sasl being 
> used between C5/C6 and C7.
>
> c7 has: 2.1.26-23.el7
> c6 has: 2.1.23-15.el6_6.2
>

Okay, that makes sense.  Though the change may go even deeper such as
newer openssl or other crypto library maybe.

Thanks


More information about the Cyrus-sasl mailing list