
SASL's PLAIN mechanism



Folks,

Can someone confirm (or correct) the following behavior 
in OpenLDAP 2.0?

From servers/slapd/sasl.c (OpenLDAP 

    sasl_secprops.max_ssf = INT_MAX;
    sasl_secprops.maxbufsize = 65536;
    sasl_secprops.security_flags =
        SASL_SEC_NOPLAINTEXT|SASL_SEC_NOANONYMOUS;
#endif


According to the rootDSE entry for an OpenLDAP 2.0.6
slapd server, the PLAIN SASL mechanism is not supported.
Only CRAM-MD5 and DIGEST-MD5 (I disabled gssapi and krb-4
at configure time for the SASL libraries).  My guess is 
that this is not supported because it is not needed in 
light of using a simple bind.  

It is not due to lack of support in /etc/sasldb because
a dump of the files lists PLAIN as one of the mechanisms
configured.

My understanding is that the /usr/lib/sasl/<appname>.conf
(i.e. slapd) configuration is used to determine what a PLAIN
mechanism is authenticated against.  Therefore, for slapd
this configuration file would be unnecessary.  Yes or no?

I could think of examples where support for PLAIN 
would be helpful.  Can anyone enlighten me on why PLAIN
is disabled other than the reasons I've mentioned above?





Cheers, jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter@valinux.com
       http://www.samba.org/       SAMBA Team          jerry@samba.org
       http://www.plainjoe.org/                     jerry@plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )
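
The effect of the security_flags in the quoted sasl.c excerpt on the
advertised mechanism list, as an added example that is not part of the
original message and is not OpenLDAP or Cyrus SASL code: a simplified model
in which a mechanism is offered only if it provides every required property.
The per-mechanism property table and the numeric flag values are assumptions
made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Flag names follow the quoted excerpt; defined locally so the sketch builds
 * without libsasl. Numeric values are illustrative assumptions. */
#define SASL_SEC_NOPLAINTEXT 0x0001u
#define SASL_SEC_NOANONYMOUS 0x0010u

struct mech { const char *name; unsigned provides; };

/* Assumed per-mechanism properties (constructed for this example). */
static const struct mech mechs[] = {
    { "PLAIN",      SASL_SEC_NOANONYMOUS },
    { "CRAM-MD5",   SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS },
    { "DIGEST-MD5", SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS },
    { "ANONYMOUS",  SASL_SEC_NOPLAINTEXT },
};

/* A mechanism is offered only if no required property is missing from it. */
static int mech_permitted(unsigned required, unsigned provides)
{
    return (required & ~provides) == 0;
}

/* Write the permitted mechanisms, space-separated, into out.
 * Returns how many were listed, or -1 if out is too small. */
static int list_mechs(unsigned required, char *out, size_t outlen)
{
    int n = 0;
    size_t used = 0;
    if (outlen == 0) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof mechs / sizeof mechs[0]; i++) {
        if (!mech_permitted(required, mechs[i].provides)) continue;
        int w = snprintf(out + used, outlen - used, "%s%s",
                         n ? " " : "", mechs[i].name);
        if (w < 0 || (size_t)w >= outlen - used) return -1;
        used += (size_t)w;
        n++;
    }
    return n;
}

int main(void)
{
    char buf[128];
    list_mechs(SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS, buf, sizeof buf);
    printf("flags from the excerpt: %s\n", buf);
    list_mechs(SASL_SEC_NOANONYMOUS, buf, sizeof buf);
    printf("NOANONYMOUS only:       %s\n", buf);
    return 0;
}
```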