YASQ - yet another sasl question

i'm embarrassed to admit, as a veteran solaris admin, i never even heard
of sasl until i started fiddling with openldap 2 weeks ago. and since
then it's been the bane of my existence. at this point i've read so
much about sasl/ldap, and tried so many different things, i've finally
decided i need specific help to stop the spinning in my head. i've
surpassed information overload...

sorry to kill what seems to be a dead horse by the many previous related
posts.

software:
  redhat 7.1 on amd k6-II/400
  openldap 2.0.11
  cyrus-sasl 1.5.24

i'd like to use ldap/pam for authenticating users. i have no problem with
simple auth. i have successfully created ldap entries of objectclass
posixAccount. likewise, padl pam modules are in place and these users can
login _IF_ i have ldaps running. these users, however, cannot change
their passwords (pam password system-auth entries assumed to be correct).
also- i can run all ldap clients if i use -x, otherwise no.

i currently don't have any 'access' lines in my slapd.conf. it's plain
vanilla except modifying my dn. my ldap client binaries are compiled for
sasl but don't seem to work. i have entries in /etc/sasldb, but am extremely
confused as to whether they're unique, tied to ldap users, or local users.

i reluctantly confess (betraying my ego :) that i haven't grasped how sasl
fits into the picture. i understand it theoretically but can't see how
it fits into this picture. from what i've read- it seems to redundantly
provide the same consolidated authentication that pam serves ???!

all help and insight is greatly appreciated.

jimi.