[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Priority or restriction of SASL mechanisms



Thanks for the tip!  For future inquirers, The OpenLDAP-specific config
file is /usr/lib/sasl2/slapd.conf, which could look like this, if I'm
reading the docs correctly:

mech_list: GSSAPI plain

	John

On Fri, 2005-01-07 at 13:36 -0800, Kurt D. Zeilenga wrote:
> You can control which mechanisms are available to a Cyrus SASL
> enabled application via Cyrus SASL....  see Cyrus SASL docs
> for how (and the Cyrus SASL list for help).
> 
> Kurt
> 
> 
> At 10:20 AM 1/6/2005, John Morris wrote:
> >Hi, all!
> >
> >Just got upgraded to 2.2 from 2.0.  I'm using the FC3 RPMs.  One
> >behavioral change from 2.0 (which were modified RH RPMs from a couple
> >years ago) is that when doing an ldapsearch, the default SASL mechanism
> >is now MD5, whereas before it was GSSAPI (which is what I desire).  If I
> >add '-Y GSSAPI' to the ldapsearch commandline, GSSAPI works gorgeous.
> >
> >This seems a little strange since I haven't configured any MD5 mechanism
> >(is any required?), and don't run saslauthd.
> >
> >I've hacked away the problem with an 'rpm -e --nodeps cyrus-sasl-md5'.
> >Kinda nasty (why does the RH openldap RPM even depend on that package,
> >anyway?).
> >
> >Is there a way to restrict the list of SASL mechanisms or to put a
> >priority on them?  Thanks for any advice.
> >
> >        John
>