[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap + sasl + plain|login + pam

To: openldap-software@OpenLDAP.org
Subject: Re: openldap + sasl + plain|login + pam
From: Tom Ryan <tomryan@camlaw.rutgers.edu>
Date: Thu, 11 Jul 2002 00:24:14 -0400 (EDT)
In-reply-to: <Pine.LNX.4.44.0207102353420.24793-100000@camlaw.rutgers.edu>

Sorry to post so quickly again, but this is working now for me.

by putting just sasl-secprops none in slapd.conf, setting up 
/usr/lib/sasl/slapd.conf and /etc/pam.d/ldap

and changing ldap.conf to include SASL_SECPROPS none, I can now 
authenticate using pam.

Hope this helps someone else!

Tom

On Wed, 10 Jul 2002, Tom Ryan wrote:

> It seems from reading various faqs documentation that it is possible to 
> configure my openldap server to authenticate users binding to it with 
> SASL as the backend using PLAIN|LOGIN to authenticate.
> 
> As SASL (on my RH 7.3 system) has pam in plain|login, it seems possible to 
> configure a /usr/lib/sasl/slapd.conf to contain pwcheck_method: pam and 
> then have a /etc/pam.d/ldap??? containing relevant lines.
> 
> essentially, is it possible to have ldap behave much like authenticated 
> smtp does using the sasl library?
> 
> if i query my openldap server for 
> 
> ldapsearch -x -H ldaps://127.0.0.1 -b "" -s base supportedSASLMechanisms
> 
> I get
> 
> supportedSASLMechanisms: PLAIN
> supportedSASLMechanisms: LOGIN
> supportedSASLMechanisms: ANONYMOUS
> 
> Has anyone done this? is it possible?
> 
> Tom
> 
> 

-- 
_______________________________________________________________________
Tom Ryan                                            Voice: 856-225-6361
Consulting System Administrator                       Fax: 856-969-7900
Rutgers School of Law - Camden

References:
- openldap + sasl + plain|login + pam
  - From: Tom Ryan <tomryan@camlaw.rutgers.edu>

Prev by Date: Re: How can I get OpenLDAP to hash passwords as crypt?
Next by Date: Re: How can I get OpenLDAP to hash passwords as crypt?
Index(es):
- Chronological
- Thread