A further security improvement of this patch lets OpenLDAP libldap negotiate and choose the safest available SASL authentication mechanism:
Settings in /etc/autofs_ldap_auth.conf:
<?xml version="1.0" ?>
<!--
This files contains a single entry with multiple attributes tied to it.
See autofs_ldap_auth.conf(5) for more information.
-->
<autofs_ldap_sasl_conf
usetls="yes"
tlsrequired="no"
authrequired="autodetect"
authtype="DIGEST-MD5"
secret="my_secret"
user="<email address hidden>"
/>
$ automount -f -v -d
Starting automounter version 5.1.8, master map auto.master
using kernel protocol version 5.05
lookup_nss_read_master: reading master ldap auto.master
parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "auto.master".
parse_server_string: lookup(ldap): mapname auto.master
parse_ldap_config: lookup(ldap): ldap authentication configured with the following options:
parse_ldap_config: lookup(ldap): use_tls: 1, tls_required: 0, auth_required: 4, sasl_mech: DIGEST-MD5
parse_ldap_config: lookup(ldap): user: <email address hidden>, secret: specified, client principal: (null) credential cache: (null)
do_init: parse(sun): init gathered global options: (null)
find_server: trying server uri ldap://server.example.com
do_bind: lookup(ldap): auth_required: 4, sasl_mech DIGEST-MD5
do_bind: Attempting sasl bind with mechanism DIGEST-MD5
do_bind: SASL username: <email address hidden>
do_bind: SASL authcid: root
do_bind: sasl bind with mechanism SCRAM-SHA-1 succeeded
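
The last do_bind lines above show the requested mechanism (DIGEST-MD5) and the one the bind actually used (SCRAM-SHA-1). The Python below is an added example, not part of the original comment or of autofs, that pairs those two log lines and flags binds that ended on a weaker mechanism than requested; the strength ranking, the function names and the extra sample lines are assumptions of the example.

```python
import re

# Weakest-first ranking used by this example only; an assumption, not the
# order libldap or Cyrus SASL applies internally.
STRENGTH = ["PLAIN", "LOGIN", "CRAM-MD5", "DIGEST-MD5", "SCRAM-SHA-1", "SCRAM-SHA-256"]
ATTEMPT = re.compile(r"do_bind: Attempting sasl bind with mechanism (\S+)")
SUCCESS = re.compile(r"do_bind: sasl bind with mechanism (\S+) succeeded")


def verdict(requested, used):
    """Compare the mechanism autofs asked for with the one the bind used."""
    if requested not in STRENGTH or used not in STRENGTH:
        return "unranked"
    delta = STRENGTH.index(used) - STRENGTH.index(requested)
    return "upgraded" if delta > 0 else "downgraded" if delta < 0 else "as-configured"


def audit_binds(lines):
    """Pair each bind attempt with its result; return one finding per bind."""
    findings, requested = [], None
    for line in lines:
        if m := ATTEMPT.search(line):
            requested = m.group(1)
        elif m := SUCCESS.search(line):
            used = m.group(1)
            findings.append((requested, used, verdict(requested, used)))
            requested = None  # a result without a preceding attempt is "unranked"
    return findings


# Constructed sample: the two do_bind lines from the debug output above, an
# invented downgrade case, and a GSSAPI bind the ranking does not cover.
SAMPLE = """\
do_bind: Attempting sasl bind with mechanism DIGEST-MD5
do_bind: sasl bind with mechanism SCRAM-SHA-1 succeeded
do_bind: Attempting sasl bind with mechanism SCRAM-SHA-1
do_bind: sasl bind with mechanism CRAM-MD5 succeeded
do_bind: Attempting sasl bind with mechanism GSSAPI
do_bind: sasl bind with mechanism GSSAPI succeeded
""".splitlines()

if __name__ == "__main__":
    for requested, used, result in audit_binds(SAMPLE):
        print(f"requested={requested} used={used} -> {result}")
```

Feeding it the output of automount -f -v -d gives one line per bind; a "downgraded" result is the case worth alerting on.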