
Re: RH 9 packages



Howard Chu wrote:

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of jehan procaccia
>
>> Jeff Warnica wrote:
>>
>>> Do these include the SASL in-directory storage of passwords?
>
> If you're building with Cyrus SASL 2.1 then this feature is enabled
> automatically. If you're using Cyrus 1.5 then it is not supported.


RH 9 ships with cyrus-sasl-2.1.10-4, and I also put in ./configure:
--with-cyrus-sasl
Anyway, if in doubt, check the spec file; everything is there, and it's advisable to recompile the source package:
rpm -i openldap-2.1.17-2.src.rpm
vi /usr/src/redhat/SPECS/openldap-2.1.17.spec
rpmbuild -ba /usr/src/redhat/SPECS/openldap-2.1.17.spec


Here's the complete configure section I used to create the RH 9 binaries:
%configure \
       --with-slapd --with-slurpd --without-ldapd \
       --with-threads=posix --enable-static \
       \
       --enable-local --enable-cldap --disable-rlookups \
       \
       --with-tls \
       --with-cyrus-sasl \
       \
       --enable-wrappers \
       \
       --enable-passwd \
       --enable-shell \
       --enable-cleartext \
       --enable-crypt \
       --enable-spasswd \
       --enable-modules \
       --enable-lmpasswd \
       --enable-monitor \
       --enable-rewrite \
       --enable-ldap \
       --enable-meta \
       --enable-shell \
       --enable-password \
       --enable-debug \
       \
       --libexecdir=%{_sbindir} \
       --localstatedir=/%{_var}/run \




>>> On Tue, 2003-05-06 at 04:30, jehan procaccia wrote:
>>>
>>>> for those of you interested, I just made RedHat 9 rpm packages of
>>>> openldap 2.1.17 with BDB 4.1.25
>>
>> I don't use this feature, however by looking at the spec file you'll see
>> that I compiled the server with:
>> --enable-spasswd
>> which means: enable (Cyrus) SASL password verification.
>
> That is a different thing entirely. --enable-spasswd allows users to
> authenticate LDAP Simple Binds against SASL. This is done by using a
> "{SASL}" scheme as a prefix for the userPassword, with the SASL username
> appended. Use of this feature is for the most part a security liability
> and is very much discouraged.
>
> With in-directory storage of SASL secrets the userPassword attribute is
> used by SASL Binds. The userPassword should be unadorned plain text,
> because its value is passed unmodified to the Cyrus SASL authentication
> modules.
>
>  -- Howard Chu
>  Chief Architect, Symas Corp.       Director, Highland Sun
>  http://www.symas.com               http://highlandsun.com/hyc
>  Symas: Premier OpenSource Development and Support
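As an added check that is not part of this thread and not OpenLDAP project code: a small Python audit that reads an LDIF dump of the directory and sorts every userPassword value into the forms Howard distinguishes above, "{SASL}user" pass-through (Simple Bind verified by Cyrus SASL, discouraged), unadorned cleartext (what in-directory SASL secrets require, since the value is handed to the SASL mechanism unmodified), or a hash scheme that slapd verifies itself. The sample LDIF, its DNs and passwords are constructed for the example, and the set of hash scheme names it recognises is an assumption of the example rather than something the thread states.

```python
"""Audit userPassword values in an LDIF dump for the SASL-related storage
forms discussed in the thread.

Added example, not code from the OpenLDAP project or from anyone on the
list.  SAMPLE_LDIF is constructed; its DNs and passwords are made up.
"""

import base64
import re

# Hash schemes slapd verifies itself on a Simple Bind (assumption of the
# example).  Any other {SCHEME} prefix is reported as "other-scheme".
HASHED_SCHEMES = {"SSHA", "SHA", "SMD5", "MD5", "CRYPT"}

SCHEME_RE = re.compile(r"^\{([^}]*)\}(.*)$", re.DOTALL)

# Constructed sample: one entry per storage form.  carol's value is the
# base64 form LDIF uses for non-printable data and decodes to {SSHA}deadbeef.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice
userPassword: {SASL}alice@EXAMPLE.COM

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob
userPassword: correct horse battery staple

dn: uid=carol,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: carol
userPassword:: e1NTSEF9ZGVhZGJlZWY=

dn: uid=dave,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: dave
userPassword: {SASL}
"""


def parse_ldif(text):
    """Minimal LDIF reader returning [(dn, {attr_lower: [values]})].
    Handles folded continuation lines (leading space) and base64 values
    ('attr:: ...'); comments and the version line are ignored."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)

    entries, dn, attrs = [], None, None
    for line in unfolded + [""]:  # trailing sentinel flushes the last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, None
            continue
        if line.startswith("#") or line.lower().startswith("version:"):
            continue
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if value.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if name == "dn":
            dn, attrs = value, {}
        elif attrs is not None:
            attrs.setdefault(name, []).append(value)
    return entries


def classify(value):
    """Map one userPassword value to (category, note) following the
    distinction drawn in the thread."""
    m = SCHEME_RE.match(value)
    if m is None:
        return ("cleartext",
                "unadorned plain text: serves Simple Bind and, with in-directory "
                "SASL secrets, is passed as-is to the Cyrus SASL mechanism; "
                "anyone who can read the attribute has the password")
    scheme, rest = m.group(1).upper(), m.group(2)
    if scheme == "SASL":
        if not rest:
            return ("sasl-passthrough-malformed",
                    "{SASL} prefix with no SASL username appended")
        return ("sasl-passthrough",
                f"Simple Bind verified through Cyrus SASL as '{rest}' "
                "(--enable-spasswd); discouraged in the thread")
    if scheme in HASHED_SCHEMES:
        return ("hashed",
                f"{{{scheme}}} hash verified by slapd on Simple Bind; not "
                "unadorned plain text, so not usable as an in-directory SASL secret")
    return ("other-scheme",
            f"unrecognised scheme {{{scheme}}}; not unadorned plain text")


def audit(ldif_text):
    """Return one finding per userPassword value found in the LDIF."""
    findings = []
    for dn, attrs in parse_ldif(ldif_text):
        for value in attrs.get("userpassword", []):
            category, note = classify(value)
            findings.append({"dn": dn, "category": category, "note": note})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LDIF):
        print(f"{f['category']:<27} {f['dn']}\n    {f['note']}")
```

Run it over a real dump by replacing SAMPLE_LDIF with the output of slapcat; the point of the audit is that the two SASL-related forms are both visible in the same attribute, and only the value's prefix tells them apart.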