[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Priority or restriction of SASL mechanisms



You can control which mechanisms are available to a Cyrus SASL
enabled application via Cyrus SASL....  see Cyrus SASL docs
for how (and the Cyrus SASL list for help).

Kurt


At 10:20 AM 1/6/2005, John Morris wrote:
>Hi, all!
>
>Just got upgraded to 2.2 from 2.0.  I'm using the FC3 RPMs.  One
>behavioral change from 2.0 (which were modified RH RPMs from a couple
>years ago) is that when doing an ldapsearch, the default SASL mechanism
>is now MD5, whereas before it was GSSAPI (which is what I desire).  If I
>add '-Y GSSAPI' to the ldapsearch commandline, GSSAPI works gorgeous.
>
>This seems a little strange since I haven't configured any MD5 mechanism
>(is any required?), and don't run saslauthd.
>
>I've hacked away the problem with an 'rpm -e --nodeps cyrus-sasl-md5'.
>Kinda nasty (why does the RH openldap RPM even depend on that package,
>anyway?).
>
>Is there a way to restrict the list of SASL mechanisms or to put a
>priority on them?  Thanks for any advice.
>
>        John