[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Priority or restriction of SASL mechanisms

To: John Morris <openldap@butchwax.com>
Subject: Re: Priority or restriction of SASL mechanisms
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 07 Jan 2005 13:36:42 -0800
Cc: openldap-software@OpenLDAP.org
In-reply-to: <1105035605.13919.268.camel@localhost.localdomain>
References: <1105035605.13919.268.camel@localhost.localdomain>

You can control which mechanisms are available to a Cyrus SASL
enabled application via Cyrus SASL....  see Cyrus SASL docs
for how (and the Cyrus SASL list for help).

Kurt


At 10:20 AM 1/6/2005, John Morris wrote:
>Hi, all!
>
>Just got upgraded to 2.2 from 2.0.  I'm using the FC3 RPMs.  One
>behavioral change from 2.0 (which were modified RH RPMs from a couple
>years ago) is that when doing an ldapsearch, the default SASL mechanism
>is now MD5, whereas before it was GSSAPI (which is what I desire).  If I
>add '-Y GSSAPI' to the ldapsearch commandline, GSSAPI works gorgeous.
>
>This seems a little strange since I haven't configured any MD5 mechanism
>(is any required?), and don't run saslauthd.
>
>I've hacked away the problem with an 'rpm -e --nodeps cyrus-sasl-md5'.
>Kinda nasty (why does the RH openldap RPM even depend on that package,
>anyway?).
>
>Is there a way to restrict the list of SASL mechanisms or to put a
>priority on them?  Thanks for any advice.
>
>        John

Follow-Ups:
- Re: Priority or restriction of SASL mechanisms
  - From: John Morris <openldap@butchwax.com>

References:
- Priority or restriction of SASL mechanisms
  - From: John Morris <openldap@butchwax.com>

Prev by Date: Re: Multiple syncrepl problems
Next by Date: Re[6]: openldap db wiped?
Index(es):
- Chronological
- Thread