[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#5195) ssf not available during sasl bind
--On Monday, October 29, 2007 11:45 PM +0000 russell-openldap@stuart.id.au
wrote:
> On Mon, 2007-10-29 at 18:07 +0100, Hallvard B Furuseth wrote:
>> No, you've forced users who authenticate against userPassword
>> to be encrypted. Not all SASL methods, nor auth with rootpw.
>
> Thats a worry. Rootpw aside, the intended objective of
> the ACL was to ensure passwords were never sent in the
> clear. Either a protocol like CRAM-MD5 was used, or the
> entire link is encrypted. Does it not do that? (Actually
> it doesn't. It should have been sasl_ssf=71. But bugs
> aside ...)
>
> Secondly, just out of curiosity, are there SASL methods
> that check a shared secret of some kind and don't use
> userPassword? What are they?
GSSAPI
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration