On 5.11.2014 21:22, Alexander Bokovoy wrote:
On Wed, 05 Nov 2014, Nathaniel McCallum wrote:
Before this patch users could log in using only the OTP value. This
arose because ipapwd_authentication() successfully determined that
an empty password was invalid, but 389 itself would see this as an
On 11/05/2014 09:14 PM, Nathaniel McCallum wrote:
Before this patch users could log in using only the OTP value. This
arose because ipapwd_authentication() successfully determined that
an empty password was invalid, but 389 itself would see this as an
anonymous bind. An anonymous bind would
On Thu, 06 Nov 2014, thierry bordaz wrote:
On 11/05/2014 09:14 PM, Nathaniel McCallum wrote:
Before this patch users could log in using only the OTP value. This
arose because ipapwd_authentication() successfully determined that
an empty password was invalid, but 389 itself would see this as an
On 11/06/2014 12:35 PM, Alexander Bokovoy wrote:
On Thu, 06 Nov 2014, thierry bordaz wrote:
On 11/05/2014 09:14 PM, Nathaniel McCallum wrote:
Before this patch users could log in using only the OTP value. This
arose because ipapwd_authentication() successfully determined that
an empty password
On Thu, 06 Nov 2014, thierry bordaz wrote:
On 11/06/2014 12:35 PM, Alexander Bokovoy wrote:
On Thu, 06 Nov 2014, thierry bordaz wrote:
On 11/05/2014 09:14 PM, Nathaniel McCallum wrote:
Before this patch users could log in using only the OTP value. This
arose because ipapwd_authentication()
On 11/06/2014 02:14 PM, Alexander Bokovoy wrote:
On Thu, 06 Nov 2014, thierry bordaz wrote:
On 11/06/2014 12:35 PM, Alexander Bokovoy wrote:
On Thu, 06 Nov 2014, thierry bordaz wrote:
On 11/05/2014 09:14 PM, Nathaniel McCallum wrote:
Before this patch users could log in using only the OTP
On Wed, 05 Nov 2014, Nathaniel McCallum wrote:
Before this patch users could log in using only the OTP value. This
arose because ipapwd_authentication() successfully determined that
an empty password was invalid, but 389 itself would see this as an
anonymous bind. An anonymous bind would never
On Wed, 5 Nov 2014 22:22:16 +0200
Alexander Bokovoy aboko...@redhat.com wrote:
On Wed, 05 Nov 2014, Nathaniel McCallum wrote:
Before this patch users could log in using only the OTP value. This
arose because ipapwd_authentication() successfully determined that
an empty password was invalid,
On Wed, 05 Nov 2014, Simo Sorce wrote:
On Wed, 5 Nov 2014 22:22:16 +0200
Alexander Bokovoy aboko...@redhat.com wrote:
On Wed, 05 Nov 2014, Nathaniel McCallum wrote:
Before this patch users could log in using only the OTP value. This
arose because ipapwd_authentication() successfully determined