SASL's PLAIN mechanism
Folks,
Can someone confirm (or correct) the following behavior
in OpenLDAP 2.0?
From servers/slapd/sasl.c (OpenLDAP
    sasl_secprops.max_ssf = INT_MAX;
    sasl_secprops.maxbufsize = 65536;
    sasl_secprops.security_flags =
        SASL_SEC_NOPLAINTEXT|SASL_SEC_NOANONYMOUS;
#endif
According to the rootDSE entry for an OpenLDAP 2.0.6
slapd server, the PLAIN SASL mechanism is not supported.
Only CRAM-MD5 and DIGEST-MD5 (I disabled gssapi and krb-4
at configure time for the SASL libraries). My guess is
that this is not supported because it is not needed in
light of using a simple bind.
It is not due to lack of support in /etc/sasldb because
a dump of the files lists PLAIN as one of the mechanisms
configured.
My understanding is that the /usr/lib/sasl/<appname>.conf
(i.e. slapd) configuration is used to determine what the PLAIN
mechanism is authenticated against. Therefore, for slapd
this configuration file would be unnecessary. Yes or no?
I could think of examples where support for PLAIN
would be helpful. Can anyone enlighten me on why PLAIN
is disabled other than the reasons I've mentioned above?
Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com
http://www.samba.org/ SAMBA Team jerry@samba.org
http://www.plainjoe.org/ jerry@plainjoe.org
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
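
Added example, not part of the original message and not OpenLDAP or SASL library code: a small C model of how a required-properties mask like the security_flags quoted above filters the list of mechanisms a server advertises. The flag values, the per-mechanism property table and the function names are assumptions constructed for illustration; real code takes the flags from the SASL headers.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins named after the flags quoted in the message; values are
   assumptions for this model, not copied from any header. */
#define SEC_NOPLAINTEXT 0x01u  /* resists passive sniffing of the password */
#define SEC_NOANONYMOUS 0x10u  /* never grants anonymous access */

struct mech { const char *name; unsigned provides; };

/* Constructed table: properties each mechanism is able to guarantee. */
static const struct mech MECHS[] = {
    { "PLAIN",      SEC_NOANONYMOUS },                   /* password sent in clear */
    { "CRAM-MD5",   SEC_NOANONYMOUS | SEC_NOPLAINTEXT },
    { "DIGEST-MD5", SEC_NOANONYMOUS | SEC_NOPLAINTEXT },
    { "ANONYMOUS",  SEC_NOPLAINTEXT },                   /* no password at all */
};
#define NMECHS (sizeof MECHS / sizeof MECHS[0])

/* A mechanism is advertised only if it provides every required property. */
static int mech_permitted(const struct mech *m, unsigned required) {
    return (m->provides & required) == required;
}

/* Returns 1 if the named mechanism would be advertised under `required`. */
static int offers(unsigned required, const char *name) {
    for (size_t i = 0; i < NMECHS; i++)
        if (strcmp(MECHS[i].name, name) == 0)
            return mech_permitted(&MECHS[i], required);
    return 0; /* unknown mechanism: never advertised */
}

/* Prints the advertised list and returns how many mechanisms survive. */
static int list_offered(const char *label, unsigned required) {
    int n = 0;
    printf("%-22s", label);
    for (size_t i = 0; i < NMECHS; i++)
        if (mech_permitted(&MECHS[i], required)) { printf(" %s", MECHS[i].name); n++; }
    putchar('\n');
    return n;
}

int main(void) {
    list_offered("flags as quoted:", SEC_NOPLAINTEXT | SEC_NOANONYMOUS);
    list_offered("NOANONYMOUS only:", SEC_NOANONYMOUS);
    return 0;
}
```

With the mask from the quoted source only CRAM-MD5 and DIGEST-MD5 survive, which matches the rootDSE listing described in the message; PLAIN stays filtered out whether or not /etc/sasldb could verify it.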