ITS#10084 Switch MECH default away from DIGEST-MD5

2026-02-03 20:40:05 -05:00 · 2023-08-18 11:00:33 +01:00 · 2023-08-18 11:00:33 +01:00 · 100def6487
commit 100def6487
parent 9691d02268
5 changed files with 14 additions and 7 deletions
--- a/tests/scripts/conf.sh
+++ b/tests/scripts/conf.sh
@ -15,7 +15,7 @@
 if [ x"$WITH_SASL" = x"yes" -a x"$USE_SASL" != x"no" ] ; then
 	SASL="sasl"
 	if [ x"$USE_SASL" = x"yes" ] ; then
-		USE_SASL=DIGEST-MD5
+		USE_SASL=SCRAM-SHA-256
 	fi
 	SASL_MECH="\"saslmech=$USE_SASL\""
 else
--- a/tests/scripts/lloadd/test006-sasl
+++ b/tests/scripts/lloadd/test006-sasl
@ -22,7 +22,7 @@ if test $WITH_SASL = "yes" ; then
        exit 0
    fi
    if test $USE_SASL = "yes" ; then
-        MECH="DIGEST-MD5"
+        MECH="SCRAM-SHA-256"
    else
        MECH="$USE_SASL"
    fi
--- a/tests/scripts/test028-idassert
+++ b/tests/scripts/test028-idassert
@ -20,7 +20,7 @@ echo "### This test requires the LDAP backend and the rwm overlay."
 echo "### If available, and explicitly requested, it can use SASL bind;"
 echo "### note that SASL must be properly set up, and the requested"
 echo "### mechanism must be available.  Define SLAPD_USE_SASL={yes|<mech>},"
-echo "### with \"yes\" defaulting to DIGEST-MD5 to enable SASL authc[/authz]."
+echo "### with \"yes\" defaulting to SCRAM-SHA-256 to enable SASL authc[/authz]."

 if test $BACKLDAP = "ldapno" ; then 
 	echo "LDAP backend not available, test skipped"
@ -35,7 +35,7 @@ fi
 if test $WITH_SASL = "yes" ; then
 	if test $USE_SASL != "no" ; then
 		if test $USE_SASL = "yes" ; then
-			MECH="DIGEST-MD5"
+			MECH="SCRAM-SHA-256"
 		else
 			MECH="$USE_SASL"
 		fi
--- a/tests/scripts/test029-ldapglue
+++ b/tests/scripts/test029-ldapglue
@ -20,7 +20,7 @@ echo "### This test requires the ldap backend and glue overlay."
 echo "### If available, and explicitly requested, it can use SASL bind;"
 echo "### note that SASL must be properly set up, and the requested"
 echo "### mechanism must be available.  Define SLAPD_USE_SASL={yes|<mech>},"
-echo "### with \"yes\" defaulting to DIGEST-MD5 to enable SASL authc[/authz]."
+echo "### with \"yes\" defaulting to SCRAM-SHA-256 to enable SASL authc[/authz]."

 if test $BACKLDAP = "ldapno" ; then 
 	echo "LDAP backend not available, test skipped"
@ -30,7 +30,7 @@ fi
 if test $WITH_SASL = "yes" ; then
 	if test $USE_SASL != "no" ; then
 		if test $USE_SASL = "yes" ; then
-			MECH="DIGEST-MD5"
+			MECH="SCRAM-SHA-256"
 		else
 			MECH="$USE_SASL"
 		fi
--- a/tests/scripts/test076-authid-rewrite
+++ b/tests/scripts/test076-authid-rewrite
@ -21,8 +21,15 @@ if test $WITH_SASL = no; then
 	exit 0
 fi

+case "$USE_SASL" in
+	""|no|yes)
+		MECH="SCRAM-SHA-256";;
+	*)
+		MECH="$USE_SASL"
+esac
+echo "Using SASL authc[/authz] with mech=$MECH"
+
 CONFDIR=$TESTDIR/slapd.d
-MECH=DIGEST-MD5

 mkdir -p $TESTDIR $CONFDIR $DBDIR1