On 11/06/2014 02:14 PM, Alexander Bokovoy wrote:
On Thu, 06 Nov 2014, thierry bordaz wrote:
On 11/06/2014 12:35 PM, Alexander Bokovoy wrote:
On Thu, 06 Nov 2014, thierry bordaz wrote:
On 11/05/2014 09:14 PM, Nathaniel McCallum wrote:
Before this patch users could log in using only the OTP val
On Thu, 06 Nov 2014, thierry bordaz wrote:
On 11/06/2014 12:35 PM, Alexander Bokovoy wrote:
On Thu, 06 Nov 2014, thierry bordaz wrote:
On 11/05/2014 09:14 PM, Nathaniel McCallum wrote:
Before this patch users could log in using only the OTP value. This
arose because ipapwd_authentication() suc
On 11/06/2014 12:35 PM, Alexander Bokovoy wrote:
On Thu, 06 Nov 2014, thierry bordaz wrote:
On 11/05/2014 09:14 PM, Nathaniel McCallum wrote:
Before this patch users could log in using only the OTP value. This
arose because ipapwd_authentication() successfully determined that
an empty password
On Thu, 06 Nov 2014, thierry bordaz wrote:
On 11/05/2014 09:14 PM, Nathaniel McCallum wrote:
Before this patch users could log in using only the OTP value. This
arose because ipapwd_authentication() successfully determined that
an empty password was invalid, but 389 itself would see this as an
a
On 11/05/2014 09:14 PM, Nathaniel McCallum wrote:
Before this patch users could log in using only the OTP value. This
arose because ipapwd_authentication() successfully determined that
an empty password was invalid, but 389 itself would see this as an
anonymous bind. An anonymous bind would never
On 5.11.2014 21:22, Alexander Bokovoy wrote:
On Wed, 05 Nov 2014, Nathaniel McCallum wrote:
Before this patch users could log in using only the OTP value. This
arose because ipapwd_authentication() successfully determined that
an empty password was invalid, but 389 itself would see this as an
an
On Wed, 05 Nov 2014, Simo Sorce wrote:
On Wed, 5 Nov 2014 22:22:16 +0200
Alexander Bokovoy wrote:
On Wed, 05 Nov 2014, Nathaniel McCallum wrote:
>Before this patch users could log in using only the OTP value. This
>arose because ipapwd_authentication() successfully determined that
>an empty pa
On Wed, 5 Nov 2014 22:22:16 +0200
Alexander Bokovoy wrote:
> On Wed, 05 Nov 2014, Nathaniel McCallum wrote:
> >Before this patch users could log in using only the OTP value. This
> >arose because ipapwd_authentication() successfully determined that
> >an empty password was invalid, but 389 itself
On Wed, 05 Nov 2014, Nathaniel McCallum wrote:
Before this patch users could log in using only the OTP value. This
arose because ipapwd_authentication() successfully determined that
an empty password was invalid, but 389 itself would see this as an
anonymous bind. An anonymous bind would never ev