From 139c40de1bc595ccd4b8ca952da9e2a37bc8a18e Mon Sep 17 00:00:00 2001 From: dugan <dugan@localhost> Date: Wed, 05 Nov 2008 13:22:43 +0000 Subject: [PATCH] These fixes add confidentiality/integrity to the SASL GSSAPI and DIGEST-MD5 mechanisms. The issue links: --- opends/src/messages/messages/extension.properties | 353 ++++++++++++++-------------------------------------------- 1 files changed, 84 insertions(+), 269 deletions(-) diff --git a/opends/src/messages/messages/extension.properties b/opends/src/messages/messages/extension.properties index ade0c5e..9811b59 100644 --- a/opends/src/messages/messages/extension.properties +++ b/opends/src/messages/messages/extension.properties @@ -400,7 +400,7 @@ security provider is required for clients that wish to use SASL EXTERNAL \ authentication MILD_ERR_SASLEXTERNAL_NO_CLIENT_CERT_126=The SASL EXTERNAL bind request could \ - not be processed because the client did not present a certificate chain \ + not be processed because the client did not present an certificate chain \ during SSL/TLS negotiation MILD_ERR_SASLEXTERNAL_NO_MAPPING_127=The SASL EXTERNAL bind request failed \ because the certificate chain presented by the client during SSL/TLS \ @@ -614,271 +614,76 @@ INFO_SASLCRAMMD5_UPDATED_USER_BASE_DN_191=Attribute ds-cfg-user-base-dn in \ configuration entry %s has been updated. The DN %s will now be used as the \ search base when looking up user entries based on their username -SEVERE_ERR_SASLDIGESTMD5_CANNOT_GET_MESSAGE_DIGEST_192=An unexpected error \ - occurred while attempting to obtain an MD5 digest engine for use by the \ - DIGEST-MD5 SASL handler: %s -INFO_SASLDIGESTMD5_DESCRIPTION_USERNAME_ATTRIBUTE_193=Name of \ - the attribute that will be used to identify user entries based on the \ - username provided during SASL DIGEST-MD5 authentication. This must specify \ - the name of a valid attribute type defined in the server schema. Changes to \ - this configuration attribute will take effect immediately -SEVERE_ERR_SASLDIGESTMD5_CANNOT_GET_USERNAME_ATTR_194=An unexpected error \ - occurred while attempting to determine the value of the \ - ds-cfg-user-name-attribute attribute in configuration entry %s: %s -SEVERE_ERR_SASLDIGESTMD5_UNKNOWN_USERNAME_ATTR_195=The attribute %s \ - referenced in configuration attribute ds-cfg-user-name-attribute in \ - configuration entry %s does not exist in the Directory Server schema. The \ - attribute that is to be used for username lookups during SASL DIGEST-MD5 \ - authentication must be defined in the server schema -INFO_SASLDIGESTMD5_DESCRIPTION_USER_BASE_DN_196=Base DN that \ - should be used when searching for entries based on the username provided \ - during SASL DIGEST-MD5 authentication. Changes to this configuration \ - attribute will take effect immediately -SEVERE_ERR_SASLDIGESTMD5_CANNOT_GET_USER_BASE_DN_197=An unexpected error \ - occurred while attempting to determine the value of the ds-cfg-user-base-dn \ - attribute in configuration entry %s: %s -INFO_SASLDIGESTMD5_DESCRIPTION_REALM_198=Realm that should be \ - used by the server for DIGEST-MD5 authentication. If this is not provided, \ - then the server will default to using a set of realm names that correspond to \ - the defined suffixes. Changes to this configuration attribute will take \ - effect immediately -SEVERE_ERR_SASLDIGESTMD5_CANNOT_GET_REALM_199=An unexpected error occurred \ - while attempting to determine the value of the ds-cfg-realm attribute in \ - configuration entry %s: %s -SEVERE_WARN_SASLDIGESTMD5_CHALLENGE_TOO_LONG_200=The initial DIGEST-MD5 must \ - be less than 2048 bytes, but the generated challenge was %d bytes -MILD_ERR_SASLDIGESTMD5_NO_CREDENTIALS_201=The client connection included \ - DIGEST-MD5 state information, indicating that the client was in the process \ - of performing a DIGEST-MD5 bind, but the bind request did not include any \ + INFO_SASL_UNSUPPORTED_CALLBACK_192=An unsupported or unexpected callback was \ + provided to the SASL server for use during %s authentication: %s +MILD_ERR_SASL_NO_CREDENTIALS_193=The client connection included \ + %s state information, indicating that the client was in the process \ + of performing a %s bind, but the bind request did not include any \ credentials -MILD_ERR_SASLDIGESTMD5_INVALID_STORED_STATE_202=The SASL DIGEST-MD5 bind \ - request contained SASL credentials, but the stored SASL state information for \ - this client connection is not in an appropriate form for the challenge -SEVERE_WARN_SASLDIGESTMD5_CANNOT_PARSE_ISO_CREDENTIALS_203=An error occurred \ - while attempting to parse the DIGEST-MD5 credentials as a string using the %s \ - character set: %s. The server will re-try using UTF-8 -SEVERE_WARN_SASLDIGESTMD5_CANNOT_PARSE_UTF8_CREDENTIALS_204=An error occurred \ - while attempting to parse the DIGEST-MD5 credentials as a string using the \ - UTF-8 character set: %s -MILD_ERR_SASLDIGESTMD5_INVALID_TOKEN_IN_CREDENTIALS_205=The DIGEST-MD5 \ - credentials provided by the client contained an invalid token of "%s" \ - starting at position %d -MILD_ERR_SASLDIGESTMD5_INVALID_CHARSET_206=The DIGEST-MD5 credentials \ - provided by the client specified an invalid character set of %s. Only a \ - value of 'utf-8' is acceptable for this parameter -MILD_ERR_SASLDIGESTMD5_CANNOT_DECODE_REALM_AS_DN_207=An error occurred while \ - attempting to parse the provided response realm "%s" as a DN: %s -MILD_ERR_SASLDIGESTMD5_INVALID_REALM_208=The DIGEST-MD5 credentials provided \ - by the client included an invalid realm of "%s" -SEVERE_ERR_SASLDIGESTMD5_INVALID_NONCE_209=The DIGEST-MD5 credentials \ - provided by the client included a nonce that was different from the nonce \ - supplied by the server. This could indicate a replay attack or a chosen \ - plaintext attack, and as a result the client connection will be terminated -MILD_ERR_SASLDIGESTMD5_CANNOT_DECODE_NONCE_COUNT_210=The DIGEST-MD5 \ - credentials provided by the client included a nonce count "%s" that could not \ - be decoded as a hex-encoded integer -SEVERE_ERR_SASLDIGESTMD5_CANNOT_DECODE_STORED_NONCE_COUNT_211=An unexpected \ - error occurred while attempting to decode the nonce count stored by the \ - server for this client connection: %s -SEVERE_ERR_SASLDIGESTMD5_INVALID_NONCE_COUNT_212=The DIGEST-MD5 credentials \ - provided by the client included a nonce count that was different from the \ - count expected by the server. This could indicate a replay attack, and as a \ - result the client connection will be terminated -MILD_ERR_SASLDIGESTMD5_INTEGRITY_NOT_SUPPORTED_213=The client requested the \ - auth-int quality of protection but integrity protection is not currently \ - supported by the Directory Server -MILD_ERR_SASLDIGESTMD5_CONFIDENTIALITY_NOT_SUPPORTED_214=The client requested \ - the auth-conf quality of protection but confidentiality protection is not \ - currently supported by the Directory Server -MILD_ERR_SASLDIGESTMD5_INVALID_QOP_215=The DIGEST-MD5 credentials provided by \ - the client requested an invalid quality of protection mechanism of %s -MILD_ERR_SASLDIGESTMD5_CANNOT_PARSE_RESPONSE_DIGEST_216=The DIGEST-MD5 \ - credentials provided by the client included a digest that could not be \ - decoded as a hex-encoded byte sequence: %s -MILD_ERR_SASLDIGESTMD5_INVALID_RESPONSE_TOKEN_217=The DIGEST-MD5 credentials \ - provided by the client included an invalid token named "%s" -MILD_ERR_SASLDIGESTMD5_NO_USERNAME_IN_RESPONSE_218=The DIGEST-MD5 credentials \ - provided by the client did not contain the required "username" token -MILD_ERR_SASLDIGESTMD5_NO_NONCE_IN_RESPONSE_219=The DIGEST-MD5 credentials \ - provided by the client did not contain the required "nonce" token -MILD_ERR_SASLDIGESTMD5_NO_CNONCE_IN_RESPONSE_220=The DIGEST-MD5 credentials \ - provided by the client did not contain the required "cnonce" token -MILD_ERR_SASLDIGESTMD5_NO_NONCE_COUNT_IN_RESPONSE_221=The DIGEST-MD5 \ - credentials provided by the client did not contain the required "nc" token -MILD_ERR_SASLDIGESTMD5_NO_DIGEST_IN_RESPONSE_223=The DIGEST-MD5 credentials \ - provided by the client did not contain the required "response" token -MILD_ERR_SASLDIGESTMD5_CANNOT_DECODE_USERNAME_AS_DN_224=An error occurred \ - while attempting to decode the SASL DIGEST-MD5 username "%s" because it \ - appeared to contain a DN but DN decoding failed: %s -MILD_ERR_SASLDIGESTMD5_USERNAME_IS_NULL_DN_225=The username in the SASL \ - DIGEST-MD5 bind request appears to be an empty DN. This is not allowed -INFO_SASLDIGESTMD5_CANNOT_LOCK_ENTRY_226=The Directory Server was unable to \ - obtain a read lock on user entry %s in order to retrieve that entry -MILD_ERR_SASLDIGESTMD5_CANNOT_GET_ENTRY_BY_DN_227=An error occurred while \ - attempting to retrieve user entry %s as specified in the DN-based username of \ - a SASL DIGEST-MD5 bind request: %s -MILD_ERR_SASLDIGESTMD5_ZERO_LENGTH_USERNAME_228=The username contained in the \ - SASL DIGEST-MD5 bind request had a length of zero characters, which is not \ - allowed. DIGEST-MD5 authentication does not allow an empty string for use as \ - the username -MILD_ERR_SASLDIGESTMD5_CANNOT_PERFORM_INTERNAL_SEARCH_229=An error occurred \ - while trying to perform an internal search to retrieve the user entry \ - associated with the SASL DIGEST-MD5 username %s. The result of that search \ - was %s with a message of %s -MILD_ERR_SASLDIGESTMD5_MULTIPLE_MATCHING_ENTRIES_230=The internal search \ - attempting to resolve SASL DIGEST-MD5 username %s matched multiple entries. \ - Authentication cannot succeed unless the username is mapped to exactly one \ - user entry -MILD_ERR_SASLDIGESTMD5_NO_MATCHING_ENTRIES_231=The server was not able to \ - find any user entries for the provided username of %s -MILD_ERR_SASLDIGESTMD5_NO_PW_ATTR_232=The SASL DIGEST-MD5 authentication \ - failed because the mapped user entry did not contain any values for the %s \ - attribute -MILD_ERR_SASLDIGESTMD5_UNKNOWN_STORAGE_SCHEME_233=A password in the target \ - user entry %s could not be processed via SASL DIGEST-MD5 because that \ - password has an unknown storage scheme of %s -MILD_ERR_SASLDIGESTMD5_CANNOT_GET_CLEAR_PASSWORD_234=An error occurred while \ - attempting to obtain the clear-text password for user %s from the value with \ - storage scheme %s: %s -MILD_ERR_SASLDIGESTMD5_INVALID_CREDENTIALS_235=The DIGEST-MD5 credentials \ - provided by the client are not appropriate for any password in the associated \ - user account -MILD_ERR_SASLDIGESTMD5_NO_REVERSIBLE_PASSWORDS_236=SASL DIGEST-MD5 \ - authentication is not possible for user %s because none of the passwords in \ - the user entry are stored in a reversible form -SEVERE_WARN_SASLDIGESTMD5_CANNOT_GENERATE_RESPONSE_DIGEST_237=An error \ - occurred while attempting to generate a server-side digest to compare with \ - the client response: %s -SEVERE_ERR_SASLDIGESTMD5_CANNOT_GENERATE_RESPONSE_AUTH_DIGEST_238=An error \ - occurred while trying to generate the response auth digest to include in the \ - server SASL credentials: %s -MILD_ERR_SASLDIGESTMD5_INVALID_CLOSING_QUOTE_POS_239=The DIGEST-MD5 response \ - challenge could not be parsed because it had an invalid quotation mark at \ - position %d -INFO_SASLDIGESTMD5_UPDATED_USERNAME_ATTR_240=Attribute \ - ds-cfg-user-name-attribute in configuration entry %s has been updated. The \ - %s attribute will now be used when looking up user entries based on their \ - username -INFO_SASLDIGESTMD5_UPDATED_USER_BASE_DN_241=Attribute ds-cfg-user-base-dn in \ - configuration entry %s has been updated. The DN %s will now be used as the \ - search base when looking up user entries based on their username -INFO_SASLDIGESTMD5_UPDATED_NEW_REALM_242=Attribute ds-cfg-realm in \ - configuration entry %s has been updated. The realm "%s" will now be \ - advertised by the server in the challenge response -INFO_SASLDIGESTMD5_UPDATED_NO_REALM_243=Attribute ds-cfg-realm in \ - configuration entry %s has been updated. The realm(s) advertised by the \ - server in the challenge response will be the DNs of the server suffixes -INFO_SASLGSSAPI_DESCRIPTION_USERNAME_ATTRIBUTE_244=Name of the \ - attribute that will be used to identify user entries based on the username \ - provided during SASL GSSAPI authentication. This must specify the name of a \ - valid attribute type defined in the server schema. Changes to this \ - configuration attribute will take effect immediately -SEVERE_ERR_SASLGSSAPI_CANNOT_GET_USERNAME_ATTR_245=An unexpected error \ - occurred while attempting to determine the value of the \ - ds-cfg-user-name-attribute attribute in configuration entry %s: %s -SEVERE_ERR_SASLGSSAPI_UNKNOWN_USERNAME_ATTR_246=The attribute %s referenced \ - in configuration attribute ds-cfg-user-name-attribute in configuration entry \ - %s does not exist in the Directory Server schema. The attribute that is to \ - be used for username lookups during SASL GSSAPI authentication must be \ - defined in the server schema -INFO_SASLGSSAPI_DESCRIPTION_USER_BASE_DN_247=Base DN that \ - should be used when searching for entries based on the username provided \ - during SASL GSSAPI authentication. Changes to this configuration attribute \ - will take effect immediately -SEVERE_ERR_SASLGSSAPI_CANNOT_GET_USER_BASE_DN_248=An unexpected error \ - occurred while attempting to determine the value of the ds-cfg-user-base-dn \ - attribute in configuration entry %s: %s -INFO_SASLGSSAPI_DESCRIPTION_SERVER_FQDN_249=Fully-qualified \ - domain name that should be used for the server during SASL GSSAPI \ - authentication. Changes to this configuration attribute will take effect \ - immediately -SEVERE_ERR_SASLGSSAPI_CANNOT_GET_SERVER_FQDN_250=An unexpected error occurred \ +SEVERE_ERR_SASL_CANNOT_GET_SERVER_FQDN_194=An unexpected error occurred \ while attempting to determine the value of the ds-cfg-server-fqdn attribute \ in configuration entry %s: %s -INFO_SASLGSSAPI_UPDATED_USERNAME_ATTR_251=Attribute \ - ds-cfg-user-name-attribute in configuration entry %s has been updated. The \ - %s attribute will now be used when looking up user entries based on their \ - username -INFO_SASLGSSAPI_UPDATED_USER_BASE_DN_252=Attribute ds-cfg-user-base-dn in \ - configuration entry %s has been updated. The DN %s will now be used as the \ - search base when looking up user entries based on their username -INFO_SASLGSSAPI_UPDATED_NEW_SERVER_FQDN_253=Attribute ds-cfg-server-fqdn in \ - configuration entry %s has been updated. The value "%s" will now be used as \ - the fully-qualified name of the Directory Server for GSSAPI authentication -INFO_SASLGSSAPI_UPDATED_NO_SERVER_FQDN_254=Attribute ds-cfg-server-fqdn in \ - configuration entry %s has been updated. The Directory Server will attempt \ - to determine its own FQDN for use in GSSAPI authentication -INFO_SASLGSSAPI_UNEXPECTED_CALLBACK_255=An unexpected callback was provided \ - for the SASL server for use during GSSAPI authentication: %s -INFO_SASLGSSAPI_DESCRIPTION_KDC_ADDRESS_256=Address of the KDC \ - that should be used during SASL GSSAPI authentication. If this is not \ - specified, then an attempt will be made to obtain it from the system-wide \ - Kerberos configuration. Changes to this configuration attribute will take \ - effect immediately for subsequent GSSAPI bind attempts -MILD_ERR_SASLGSSAPI_CANNOT_GET_KDC_ADDRESS_257=An unexpected error occurred \ - while attempting to determine the value of the ds-cfg-kdc-address attribute \ - in configuration entry %s: %s -INFO_SASLGSSAPI_DESCRIPTION_REALM_258=Default realm that should \ - be used during SASL GSSAPI authentication. If this is not specified, then an \ - attempt will be made to obtain it from the system-wide Kerberos \ - configuration. Changes to this configuration attribute will take effect \ - immediately for subsequent GSSAPI bind attempts -MILD_ERR_SASLGSSAPI_CANNOT_GET_REALM_259=An unexpected error occurred while \ - attempting to determine the value of the ds-cfg-realm attribute in \ - configuration entry %s: %s -MILD_ERR_SASLGSSAPI_NO_CLIENT_CONNECTION_260=No client connection was \ - available for use in processing the GSSAPI bind request -MILD_ERR_SASLGSSAPI_CANNOT_CREATE_SASL_SERVER_261=An error occurred while \ - attempting to create the SASL server instance to process the GSSAPI bind \ - request: %s -MILD_ERR_SASLGSSAPI_CANNOT_EVALUATE_RESPONSE_262=An error occurred while \ - attempting to evaluate the challenge response provided by the client in the \ - GSSAPI bind request: %s -MILD_ERR_SASLGSSAPI_NO_AUTHZ_ID_263=The GSSAPI authentication process appears \ - to have completed but no authorization ID is available for mapping to a \ - directory user -MILD_ERR_SASLGSSAPI_CANNOT_PERFORM_INTERNAL_SEARCH_264=An error occurred \ - while attempting to perform an internal search to map the GSSAPI \ - authorization ID %s to a Directory Server user (result code %d, error message \ - "%s") -MILD_ERR_SASLGSSAPI_MULTIPLE_MATCHING_ENTRIES_265=The GSSAPI authorization ID \ - %s appears to have multiple matches in the Directory Server -MILD_ERR_SASLGSSAPI_CANNOT_MAP_AUTHZID_266=The GSSAPI authorization ID %s \ - could not be mapped to any user in the Directory Server -INFO_SASLGSSAPI_UPDATED_KDC_267=Attribute ds-cfg-kdc-address in configuration \ - entry %s has been updated. The value "%s" will now be used as the address of \ - the KDC for GSSAPI authentication -INFO_SASLGSSAPI_UNSET_KDC_268=Attribute ds-cfg-kdc-address in configuration \ - entry %s has been un-set as a system property. Any further GSSAPI \ - authentication attempts will rely on the Kerberos configuration in the \ - underlying operating system to determine the KDC address -INFO_SASLGSSAPI_UPDATED_REALM_269=Attribute ds-cfg-realm in configuration \ - entry %s has been updated. The value "%s" will now be used as the default \ - realm for GSSAPI authentication -INFO_SASLGSSAPI_UNSET_REALM_270=Attribute ds-cfg-realm in configuration entry \ - %s has been un-set as a system property. Any further GSSAPI authentication \ - attempts will rely on the Kerberos configuration in the underlying operating \ - system to determine the default realm -MILD_ERR_SASLGSSAPI_CANNOT_CREATE_LOGIN_CONTEXT_271=An error occurred while \ - attempting to create the JAAS login context for GSSAPI authentication: %s -MILD_ERR_SASLGSSAPI_CANNOT_AUTHENTICATE_SERVER_272=An error occurred while \ - attempting to perform server-side Kerberos authentication to support a GSSAPI \ - bind operation: %s -INFO_SASLGSSAPI_DESCRIPTION_KEYTAB_FILE_273=Path to the keytab \ - file containing the secret key for the Kerberos principal to use when \ - processing GSSAPI authentication. If this is not specified, then the \ - system-wide default keytab file will be used. Changes to this configuration \ - attribute will not take effect until the GSSAPI SASL mechanism handler is \ - disabled and re-enabled or the Directory Server is restarted -MILD_ERR_SASLGSSAPI_CANNOT_GET_KEYTAB_FILE_274=An unexpected error occurred \ - while attempting to determine the value of the ds-cfg-keytab attribute in \ - configuration entry %s: %s -SEVERE_ERR_SASLGSSAPI_CANNOT_CREATE_JAAS_CONFIG_275=An error occurred while \ + SEVERE_ERR_SASL_CONTEXT_CREATE_ERROR_195=An unexpected error occurred while \ + trying to create an %s context: %s +MILD_ERR_SASL_CANNOT_DECODE_USERNAME_AS_DN_196=An error occurred \ + while attempting to decode the SASL %s username "%s" because it \ + appeared to contain a DN but DN decoding failed: %s +MILD_ERR_SASL_USERNAME_IS_NULL_DN_197=The username in the SASL \ + %s bind request appears to be an empty DN. This is not allowed +INFO_SASL_CANNOT_LOCK_ENTRY_198=The Directory Server was unable to \ + obtain a read lock on user entry %s in order to retrieve that entry +MILD_ERR_SASL_CANNOT_GET_ENTRY_BY_DN_199=An error occurred while \ + attempting to retrieve user entry %s as specified in the DN-based username of \ + a SASL %s bind request: %s +MILD_ERR_SASL_ZERO_LENGTH_USERNAME_200=The username contained in the \ + SASL %s bind request had a length of zero characters, which is not \ + allowed. %s authentication does not allow an empty string for use as \ + the username +MILD_ERR_SASL_NO_MATCHING_ENTRIES_201=The server was not able to \ + find any user entries for the provided username of %s +MILD_ERR_SASL_AUTHZID_INVALID_DN_202=The provided authorization ID \ + %s contained an invalid DN: %s + MILD_ERR_SASL_AUTHZID_NO_SUCH_ENTRY_203=The entry %s specified as \ + the authorization identity does not exist +MILD_ERR_SASL_AUTHZID_CANNOT_GET_ENTRY_204=The entry %s specified as \ + the authorization identity could not be retrieved: %s +MILD_ERR_SASL_AUTHZID_NO_MAPPED_ENTRY_205=The server was unable to \ + find any entry corresponding to authorization ID %s +MILD_ERR_SASL_CANNOT_MAP_AUTHZID_206=An error occurred while \ + attempting to map authorization ID %s to a user entry: %s +MILD_ERR_SASL_CANNOT_GET_REVERSIBLE_PASSWORDS_207=An error occurred \ + while attempting to retrieve the clear-text password(s) for user %s in order \ + to perform SASL %s authentication: %s +MILD_ERR_SASL_NO_REVERSIBLE_PASSWORDS_208=SASL %s \ + authentication is not possible for user %s because none of the passwords in \ + the user entry are stored in a reversible form +SEVERE_ERR_SASL_PROTOCOL_ERROR_209=SASL %s protocol error: %s +MILD_ERR_SASL_AUTHZID_INSUFFICIENT_PRIVILEGES_210=The authenticating \ + user %s does not have sufficient privileges to assume a different \ + authorization identity +MILD_ERR_SASL_AUTHZID_INSUFFICIENT_ACCESS_211=The authenticating \ + user %s does not have sufficient access to assume a different \ + authorization identity +MILD_ERR_SASL_AUTHENTRY_NO_MAPPED_ENTRY_212=The server was unable to \ + find any entry corresponding to authentication ID %s +SEVERE_ERR_SASLGSSAPI_KDC_REALM_NOT_DEFINED_213=The server was unable to \ + because both the ds-cfg-kdc-address and ds-cfg-realm attributes must be \ + defined or neither defined +MILD_ERR_SASL_CANNOT_MAP_AUTHENTRY_214=An error occurred while \ + attempting to map authorization ID %s to a user entry: %s +SEVERE_ERR_SASLGSSAPI_CANNOT_CREATE_JAAS_CONFIG_215=An error occurred while \ attempting to write a temporary JAAS configuration file for use during GSSAPI \ processing: %s -SEVERE_ERR_SASLGSSAPI_DIFFERENT_AUTHID_AND_AUTHZID_276=The authentication ID \ - %s was not equal to the authorization ID %s. This is not supported for \ - GSSAPI authentication + SEVERE_ERR_SASLGSSAPI_CANNOT_CREATE_LOGIN_CONTEXT_216=An error occurred while \ + attempting to create the JAAS login context for GSSAPI authentication: %s + MILD_ERR_SASLGSSAPI_NO_CLIENT_CONNECTION_217=No client connection was \ + available for use in processing the GSSAPI bind request + INFO_GSSAPI_PRINCIPAL_NAME_218=GSSAPI mechanism using a principal name of: %s + INFO_GSSAPI_SERVER_FQDN_219=GSSAPI SASL mechanism using a server fully \ + qualified domain name of: %s + INFO_DIGEST_MD5_REALM_220=DIGEST-MD5 SASL mechanism using a realm of: %s + INFO_DIGEST_MD5_SERVER_FQDN_221=DIGEST-MD5 SASL mechanism using a server \ + fully qualified domain name of: %s SEVERE_ERR_EXTOP_WHOAMI_PROXYAUTH_INSUFFICIENT_PRIVILEGES_277=You do not have \ sufficient privileges to use the proxied authorization control INFO_EXACTMAP_DESCRIPTION_MATCH_ATTR_298=Name or OID of the \ @@ -1123,9 +928,11 @@ from configuration entry %s: %s NOTICE_ERRORLOG_ACCTNOTHANDLER_NOTIFICATION_375=Account-Status-Notification \ type='%s' userdn='%s' id=%d msg='%s' -MILD_ERR_SASLDIGESTMD5_CANNOT_GET_REVERSIBLE_PASSWORDS_376=An error occurred \ - while attempting to retrieve the clear-text password(s) for user %s in order \ - to perform SASL DIGEST-MD5 authentication: %s + + + + + MILD_ERR_SASLCRAMMD5_CANNOT_GET_REVERSIBLE_PASSWORDS_377=An error occurred \ while attempting to retrieve the clear-text password(s) for user %s in order \ to perform SASL CRAM-MD5 authentication: %s @@ -1169,13 +976,13 @@ perform an internal modification to update the group: %s MILD_ERR_EXTOP_PASSMOD_INSUFFICIENT_PRIVILEGES_392=You do not have sufficient \ privileges to perform password reset operations + + + MILD_ERR_SASLDIGESTMD5_EMPTY_AUTHZID_393=The provided authorization ID was \ empty, which is not allowed for DIGEST-MD5 authentication MILD_ERR_SASLDIGESTMD5_AUTHZID_INVALID_DN_394=The provided authorization ID \ %s contained an invalid DN: %s -MILD_ERR_SASLDIGESTMD5_AUTHZID_INSUFFICIENT_PRIVILEGES_395=The authenticating \ - user %s does not have sufficient privileges to assume a different \ - authorization identity MILD_ERR_SASLDIGESTMD5_AUTHZID_NO_SUCH_ENTRY_396=The entry %s specified as \ the authorization identity does not exist MILD_ERR_SASLDIGESTMD5_AUTHZID_CANNOT_GET_ENTRY_397=The entry %s specified as \ @@ -1184,6 +991,14 @@ find any entry corresponding to authorization ID %s MILD_ERR_SASLDIGESTMD5_CANNOT_MAP_AUTHZID_399=An error occurred while \ attempting to map authorization ID %s to a user entry: %s + + + + + + + + MILD_ERR_SASLPLAIN_AUTHZID_INVALID_DN_400=The provided authorization ID %s \ contained an invalid DN: %s MILD_ERR_SASLPLAIN_AUTHZID_INSUFFICIENT_PRIVILEGES_401=The authenticating \ @@ -1625,6 +1440,6 @@ SEVERE_ERR_SDTUACM_ATTR_UNINDEXED_569=The subject DN to user attribute \ certificate mapper defined in configuration entry %s references attribute \ type %s which is does not have an equality index defined in backend %s -INFO_LOG_EXTENSION_INFORMATION_570=Loaded extension from file '%s' (build %s, \ +SEVERE_ERR_SASLDIGESTMD5_PROTOCOL_ERROR_570=SASL DIGEST MD5 protocol error: %s +INFO_LOG_EXTENSION_INFORMATION_571=Loaded extension from file '%s' (build %s, \ revision %s) - -- Gitblit v1.10.0