
Re: nss_ldap error



On Mon, 08.12.2003 at 15.09, Adam Denenberg wrote:

> Thanks, Tony.  The main reason I wanted to avoid pam is b/c pam does not
> seem to support SASL from what I have read and I need the pam libraries
> to force a SASL auth request since my ldap server passes authentication
> to a radius server.  Putting radius credentials on each ssh client is
> not feasible which is why I want to go the ldap route.
> 
>  Any workarounds for that do you see?

I don't know how Radius works, I'm afraid. You're certainly right that
pam_ldap doesn't have any idea of how SASL works - it uses simple binds,
either anonymous then re-authenticating as a user, or using a proxy
user. I suspect you might get better help on the Radius list, if there
is one.

FWIW and thanks to this list, I have SASL digest-md5 proxy authorization
built into my 2.1.25 server config, because I need it for LDAP-based
Postfix smtp SASL auth, using Howard's libldap auxprop library. That way
I pass my slapd SASL on to a third-party utility. Probably won't help
you though, but it's worth mentioning.

--Tonni

-- 
mail: billy - at - billy.demon.nl
http://billy.demon.nl