Re: Query about authinfo_unavail and user_unknown behaviour
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Query about authinfo_unavail and user_unknown behaviour
- Date: Sat, 11 Oct 2014 22:51:06 +0200

On Wed, 2014-10-08 at 12:36 +0200, Berend De Schouwer wrote:
> I can confirm good behaviour with this patch, bad behaviour with
> 0.7.16.

Thanks. Note that 0.7.16 contains a known security issue
(CVE-2013-0288). I'm not sure the PAM return code issue will be fixed in
0.7 because it will only receive fixes for major bugs.

If you are compiling from source I strongly recommend at least 0.8.14
because it contains a number of improvements in this area (as mentioned
the issue you reported is fixed in 0.8.3). The 0.9.4 release is also
quite stable at this point.

> My "unit tests" to test this condition were getting confused because:
> "not retrying server ldap://127.0.0.1:9009/ which failed just 1
> second(s) ago and has been failing for 12 seconds"
>
> It's been a bit problematic writing repeatable tests for nslcd
> up/down, ldap up/down, password in cache up/down, password good/bad...
> Fun with timing :)

Testing is indeed quite hard and the automated tests I have now are
mostly for the happy flow (and a few limited tests for the timeout
handling).

--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org/ --
--