On 16 Mar 2015, at 21:06, Michael Ströder <michael(a)stroeder.com> wrote:
Stephen Gallagher wrote:
> On Mon, 2015-03-16 at 10:33 +0100, Michael Ströder wrote:
>> BTW: I consider it to be a bug that sssd tries to read the rootDSE
>> before binding.
>
> Why do you consider this a bug? The RootDSE contains information to
> allow SSSD to learn what mechanisms it's allowed to use when binding.
> That's one of its primary purposes.
>
> That said, if we can't reach it, we just guess, connect and then
> reread the rootDSE after binding.

Ouch! A client MUST NOT assume that anything security relevant is really true when
reading the rootDSE. The client has to obey its configuration. Period.

Sorry, but can you elaborate on what effect sssd's mechanism of trying anonymous
first and retrying with anonymous has? I still don't see why you consider this a
bug.
Ciao, Michael.
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
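
Added example, not part of the thread and not SSSD code: a Python illustration of the difference between letting the pre-bind rootDSE pick the SASL mechanism and letting the client's configuration pick it. The function names and the sample supportedSASLMechanisms lists are hypothetical and constructed for this illustration.

```python
from typing import Iterable, Optional

# Constructed samples of supportedSASLMechanisms values as returned by a
# rootDSE read made before any bind, i.e. before the server is authenticated.
ROOTDSE_FULL = ["GSSAPI", "EXTERNAL", "PLAIN"]
ROOTDSE_REDUCED = ["PLAIN"]  # same attribute with entries missing


class BindPolicyError(Exception):
    """The advertisement conflicts with what the client may use."""


def _norm(mechs: Iterable[str]) -> set:
    # SASL mechanism names are upper-case tokens; normalise before comparing.
    return {m.strip().upper() for m in mechs}


def negotiate_from_rootdse(client_prefs: Iterable[str],
                           advertised: Iterable[str]) -> str:
    """Contrast case (hypothetical client): the pre-bind list decides."""
    offered = _norm(advertised)
    for mech in client_prefs:  # ordered strongest first
        if mech.strip().upper() in offered:
            return mech.strip().upper()
    raise BindPolicyError("no common mechanism")


def choose_from_config(configured: str,
                       advertised: Optional[Iterable[str]]) -> str:
    """Configuration decides; the pre-bind rootDSE is only a sanity check.

    advertised is None when the rootDSE could not be read before binding.
    """
    wanted = configured.strip().upper()
    if advertised is None:
        return wanted  # nothing to compare against, bind as configured
    if wanted not in _norm(advertised):
        # Stop with a diagnostic; never substitute a mechanism from the list.
        raise BindPolicyError(
            f"{wanted} is configured but not advertised by the server")
    return wanted
```

With `choose_from_config`, a changed advertisement can only make the bind fail early; it cannot change which mechanism is used.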