[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: back-config again
On Monday, March 29, 2004, at 08:35 AM, Kurt D. Zeilenga wrote:
At 11:21 PM 3/28/2004, Michael Ströder wrote:
...
And what would happen if one would like to build --without-cyrus-sasl?
Builtin EXTERNAL (coming soon I hope) or slapadd(8).
Builtin EXTERNAL? Is that an oxymoron or what?
We've been using a hack to simple bind to authenticate with SSL
certificates, in 2.1 and 2.2, mainly so we could support client
libraries on some MS Windows & MacOS X platforms that have SASL
but no `external' option. The client basically just sends some
standard stuff, that would not be valid in a normal simple bind,
to signal it wants a certificate bind. It's 100 or so lines of
extra code in bind.c, but mods to existing code are limited to
one spot.
I don't think it would require Cyrus SASL on the server, either,
though I haven't tried it. The only obvious sasl requirement is
slap_sasl_regexp().
I'm guessing this may actually be a heresy and not what you meant,
but it does work with any old LDAP client.
Donn Cave, University Computing Services, University of Washington
donn@u.washington.edu