[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_sasl_interative_bind_s error

To: openldap-software@OpenLDAP.org
Subject: Re: ldap_sasl_interative_bind_s error
From: Theodore Knab <tjk@annapolislinux.org>
Date: Mon, 8 Apr 2002 22:56:54 -0400
Content-disposition: inline
In-reply-to: <3CB20011.1040905@shadlen.org>
References: <20020408201900.GA31689@annapolislinux.org> <3CB20011.1040905@shadlen.org>
User-agent: Mutt/1.3.27i

I guess a better question then might be will I run into problem if I run
it like this ?


    On Mon, Apr 08, 2002 at 01:39:45PM -0700, David Wright wrote:

    Without a -x, the ldap* commands attempt to bind using SASL 
    authentication, rather than straight, cleartext password authentication. 
     If you want to use SASL authentication, you'll have to set it up.

    IMHO, SASL is a worse than useless security system. It stores passwords 
    in cleartext and thinks it is improving security by allowing 
    authentication by passing, in cleartext, the MD5 hash of a password. 
    Unfortunately, SASL managed to get itself into the v3 LDAP spec.

    Either always use the -x or recompile OpenLDAP --without-sasl.


-- 
---------------------
I feel naked outside of Vim.
---------------------
Ted Knab

References:
- ldap_sasl_interative_bind_s error
  - From: Theodore Knab <tjk@annapolislinux.org>
- Re: ldap_sasl_interative_bind_s error
  - From: David Wright <ichbin@shadlen.org>

Prev by Date: Re: ldap_sasl_interative_bind_s error
Next by Date: indexing
Index(es):
- Chronological
- Thread