[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: kpasswd

To: "Howard Chu" <hyc@highlandsun.com>
Subject: Re: kpasswd
From: Allan Streib <astreib@indiana.edu>
Date: Fri, 17 Oct 2003 15:47:10 -0500
Cc: "'Frank Swasey'" <Frank.Swasey@uvm.edu>, "'Paul M Fleming'" <pfleming@siumed.edu>, "'Allan E Johannesen'" <aej@WPI.EDU>, <openldap-software@OpenLDAP.org>
In-reply-to: <000e01c394ef$11407f40$e19d180a@CELLO>


On Friday, October 17, 2003, at 03:35 PM, Howard Chu wrote:

Password {SCHEMES} in the userPassword attribute are only for use with LDAP Simple Bind, not for SASL Binds. This whole thread has been about using Kerberos passwords with Simple Binds, why it's a bad idea, and how to do it if you're OK with doing something unwise.

If your clients are already using SASL Binds, then you can safely ignore every email in this thread.

Yes, this is about allowing simple binds. I encourage clients to use GSSAPI SASL binds if they can, but I have also needed to support simple binds. I'm trying to make this {SASL} password thing work, since the {KERBEROS} scheme is being dropped.

Allan

Follow-Ups:
- Re: kpasswd
  - From: Paul M Fleming <pfleming@siumed.edu>

References:
- RE: kpasswd
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: Re: kpasswd
Next by Date: Re: kpasswd
Index(es):
- Chronological
- Thread