
Re: LDAP and SASL...



...whoops, I meant to post back to the list, too. Sorry for the duplicate.

Kevin-
Thanks for your reply! You're right, I did mean to say testsaslauthd.

| Then you're suffering from the same misconception that I have been.
| saslauthd does nothing except auth mechs PLAIN and LOGIN (both
| plaintext).
Maybe I'm confusing some things. Is this different than the mech you
give it upon starting it? (i.e. saslauthd -a kerberos5)

| That's not what that means.  It means that plaintext authentication via
| saslauthd is working (probably checking sasldb for the password).
| That's all.  It's not looking in your LDAP directory for the passwords
| there or at your KDC.
When I issue the 'testsaslauthd -u tobias -p passwd' I get this in my
kerberos log:
2004-10-22T06:07:41 AS-REQ tobias@PLAYGROUND.NET from IPv4:192.168.44.12 for krbtgt/PLAYGROUND.NET@PLAYGROUND.NET
2004-10-22T06:07:41 Using des3-cbc-sha1/des3-cbc-sha1
2004-10-22T06:07:41 sending 605 bytes to IPv4:192.168.44.12
2004-10-22T06:07:41 TGS-REQ tobias@PLAYGROUND.NET from IPv4:192.168.44.12 for host/swiss.playground.net@PLAYGROUND.NET
2004-10-22T06:07:41 sending 620 bytes to IPv4:192.168.44.12

...so that's why I thought it was working against kerberos. I didn't
think it was hitting ldap.
So, is what I'm wanting to do even possible?
user -> some service -> pam (using pam_ldap.so) -> slapd (tries to auth
and continues to sasl) -> sasl -> kerberos(windows kdc).

Many thanks again for your time, Kevin.
Tobias