[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Solaris Strong Authentication
On Tue, 13 May 2003, Michel Lacle wrote:
> Hi Group,
>
> I'm in charge researching ways to implement strong authentication on
> Solaris, and RedHat boxes for my university. I seems that on a RedHat
> box this can be done by using SASL & TLS, but does anyone have any
> ideas/experience with strong authentication with Solaris machines? Can
> it even be done?
Solaris 9 can do SASL/(DIGEST|CRAM)-MD5 and TLS. SASL/DIGEST-MD5 (and I
believe CRAM-MD5) is broken when used with Openldap. It should work with
iplanet. Solaris 9 ldap client tries to sasl bind with 'dn: <dn>' which
openldap reports as an invalid DN. Openldap can be hacked to work around
this issue. Should it?
Also try www.padl.com. padl nss supports both sasl and tls, but pam does
not appear to support sasl.
Hope this helps.
--
Igor