[Date Prev][Date Next] [Chronological] [Thread] [Top]

login using SASL

To: openldap-software@OpenLDAP.org
Subject: login using SASL
From: Tomonari Hattori <tomo@ppi.co.jp>
Date: Thu, 06 May 2004 22:19:37 +0900
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; ja-JP; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

Hi, I am planning to completely replace my old NIS server with OpenLDAP
server. So I have implemented some software for this purpose.

I am testing OpenLDAP-2.2.8 and cyrus-sasl-2.1.18 and nss_ldap-217 and
pam-ldap-169 on Redhat9.

I have read about ldapdb.c on this mailing list and succeeded in using it.
 And this point, I have consern about security issue. LDAP server uses
SIMPLE auth by default, so I have implemented SASL also.

Now I can do ldapsearch or ldappasswd using SASL digest-md5
authentication(with -U option). It can be done from ldap-client via network.

But when I do console login or network login, it doesn't work.
When logged in, LDAP client is trying to contact server using SIMPLE
auth. How can I make login sesson to use SASL auth?
I think this is not related to pam_ldap or nss_ldap because OpenLDAP
uses SASL implicitly.

I habe added to slapd.conf;
	require strong
but doesn't work...


Tomonari Hattori <tomo@ppi.co.jp>
Website http://www.ppi.co.jp

Follow-Ups:
- Re: login using SASL
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: Slave slapd doesn't accept bind from slurpd
Next by Date: Regex access problem
Index(es):
- Chronological
- Thread