[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL's PLAIN mechanism

To: /home/queso/gcarter <gcarter@valinux.com>
Subject: Re: SASL's PLAIN mechanism
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 03 Nov 2000 14:09:32 -0800
Cc: openldap-software@OpenLDAP.org
In-reply-to: <3A03350A.B60784E6@valinux.com>

At 03:58 PM 11/3/00 -0600, /home/queso/gcarter wrote:
>>From servers/slapd/sasl.c (OpenLDAP 
>
>201     sasl_secprops.max_ssf = INT_MAX;
>202     sasl_secprops.maxbufsize = 65536;
>203     sasl_secprops.security_flags =
>SASL_SEC_NOPLAINTEXT|SASL_SEC_NOANONYMOUS;
>204 #endif

These are the defaults.  You can alter them via slapd.conf(5).

>My understanding is the the /usr/lib/sasl/<appname>.conf
>(i.e. slapd) configuration is used to determine what a PLAIN
>mechanisms is authenticated against.  Therefore, for slapd
>this configuration file would be unnecessary.  yes or no?

It's unnecessary unless you alter the defaults such
that PLAIN is specified.

>Can anyone enlighten me on why PLAIN
>is disabled other than the reasons I've mentioned above?

RFC 2829, Section 8, Paragraph 2.

References:
- SASL's PLAIN mechanism
  - From: /home/queso/gcarter <gcarter@valinux.com>

Prev by Date: SASL's PLAIN mechanism
Next by Date: Troubles with binary attributes
Index(es):
- Chronological
- Thread