same SASL config that works on CentOS5 & 6 fails on CentOS7
Paul Raines
raines at nmr.mgh.harvard.edu
Fri Sep 28 16:24:25 EDT 2018
On Fri, 28 Sep 2018 4:12pm, Quanah Gibson-Mount wrote:
> External Email - Use Caution
> --On Friday, September 28, 2018 4:58 PM -0400 Paul Raines
> <raines at nmr.mgh.harvard.edu> wrote:
>
>> Running 'host ldap.foobar.org' on the C6 and C7 machine both return the
>> exact same four lines/IPs. Reverse DNS of the 4 IPs using the host
>> command is also the same on both C6 and C7 machines. It really looks
>> like OpenLDAP is
>> just not doing the reverse DNS on C7 when building the MD5 digest
>
> Hi Paul,
>
> Again, as I stated, there have been no changes to OpenLDAP in this area.
> Additionally, OpenLDAP leverages cyrus-sasl for SASL mechanism negotiations.
> The culprit most likely would be a change in the version of cyrus-sasl being
> used between C5/C6 and C7.
>
> c7 has: 2.1.26-23.el7
> c6 has: 2.1.23-15.el6_6.2
>
Okay, that makes sense. Though the change may go even deeper such as
newer openssl or other crypto library maybe.
Thanks
More information about the Cyrus-sasl
mailing list