[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: SASL Authentication
Am Montag, 20. September 2004 21:37 schrieb Kurt D. Zeilenga:
> >> I would like to set the SASL/DIGEST-MD5 as the
> >> default authentication method when ldap commands
> >> such as ldapwhoami and ldapsearch are used.
> >> However, they insist on starting SASL/GSSAPI
> >> authentication. Is there a way to fix this problem?
> >
> >Either delete the Lib in /usr/lib/sasl2 or configure the CLients to use it
> > as default. See ldap.conf(5) SASL_MECH for details.
>
> Not sure SASL_MECH works properly (there was an issue
> reported with it some time ago). I suggest that for
> those not wanting to support GSSAPI authentication,
> that they configure Cyrus SASL without GSSAPI
> support (or, if already reconfigured, simply remove
> Cyrus SASL's GSSAPI plugin). You might also be able
> to mess with Cyrus SASL's config file for slapd(8).
> For further information regarding my suggestions,
> please see the Cyrus SASL documentation.
Yes, of course. Creating a file /usr/lib/sasl2/slapd.conf with a line
mech_list: digest-md5
should also do the trick.
--
Andreas