[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldappasswd + SASL



Em Thu, Jun 21, 2001 at 02:01:58PM -0700, Kurt D. Zeilenga escreveu:
> At 01:44 PM 6/21/2001, Andreas Hasenack wrote:
> >A question regarding the use of the ldappasswd utility and SASL
> >authentication.
> 
> ldappasswd(1), as provided with 2.0, is intended to be used
> to change the authenticated user's password.  Hence, simple
> bind should be used to change the user's simple bind password.
> 2.0 doesn't provide a means for a user authenticating via
> SASL mechanism to change their password (assuming a password
> based mechanism is used).  These are managed by Cyrus SASL.

Do you mean it is then useless to use SASL authentication via
ldappasswd since it cannot change the SASL password?
So, the only use for ldapasswd in openldap-2.0.x is when using
simple authentication, and, in that case, better to use TLS,
right? If that's the case, the SASL support is there only for
completeness and for when SASL password change is supported, 
right?