[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: SASL MD5 - another try
Hello Alexander,
Alexander Lunyov <lan_mailing@startatom.ru> writes:
> Hello Dieter,
>
> Thursday, July 17, 2003, 3:31:03 PM, you wrote:
>
> DK> Hello Alexander,
>
> DK> Alexander Lunyov <lan_mailing@startatom.ru> writes:
>
>>> Hello Dieter,
>>>
>>> Thursday, July 17, 2003, 12:30:25 PM, you wrote:
>>>
>>> DK> Hi,
>>>
>>> DK> Alexander Lunyov <lan_mailing@startatom.ru> writes:
>
>>> DK> That is correct in principle :-)
>>> DK> If you store your userid's and passwords in a directory instead of
>>> DK> sasldb you have to configure sasl and your application (imapd) to look
>>> DK> up the directory. But that is a sasl issue and not an openldap topic.
>>>
>>> Look, I KNOW how to make apps work without MD5 but with LDAP, and
>>> i know how to make apps work with MD5 and without LDAP. In this
>>> doc they telling me that it's ok when you will use SASL and LDAP -
>>> so i'm trying to make it work. And the point is not in apps, if
>>> there is even ldapsearch doesn't work!
>
> DK> Just to prove that it works, I have moved my /etc/sasldb2 to
> DK> /etc/sasldb2_bak, added a plaintext password to my entry, edited
> DK> /usr/lib/sasl2/ldap.conf "pwcheck_method: ldap" (although I'm not sure
> DK> wether this file is read by sasl at all). Here are the results:
>
> DK> -.-.-.-.-.-. userid in directory entry -.-.-.-.-.-.-.-.-.-.-.-.-.-.-
> dieter@marin:~>> ldapwhoami -Y DIGEST-MD5
> DK> SASL/DIGEST-MD5 authentication started
> DK> Please enter your password:
> DK> SASL username: dieter
> DK> SASL SSF: 128
> DK> SASL installing layers
> DK> dn:cn=dieter kluenter,ou=partner,o=avci,c=de
> DK> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
>
> DK> Please note SASL username:, which is without sasl-realm.
>
> DK> -.-.--.-.-.-.userid in sasldb2-.-.-.-.-.-.-.-.-.-.-.-.-
> dieter@marin:~>> ldapwhoami -Y DIGEST-MD5
> DK> SASL/DIGEST-MD5 authentication started
> DK> Please enter your password:
> DK> SASL username: dieter@avci.de
> DK> SASL SSF: 128
> DK> SASL installing layers
> DK> dn:cn=dieter kluenter,ou=partner,o=avci,c=de
> DK> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
>
> DK> Here SASL username: is with sasl-realm
>
> What system do you use, what version of SASL/LDAP, what is i
> those configs (OpenLDAP and SASL)?
>
> I'm still thinking that problem is in FreeBSD.
On my ldapserver I'm running SuSE-Linux-7.3, with OpenLDAP-2.1.19,
cyrus-sasl-2.1.12, MIT Kerberos-1.2.6.
AFAIK every application that uses sasl libraries for authentication
purposes has to have a /usr/lib/sasl(sasl2)/<application>.conf,
except for cyrus-imap, which uses its own /etc/imapd.conf. For syntax
of this configuration file see cyrus-sasl docs.
Are you shure, your saslRegexp are correctly set?
-Dieter
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de