[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Priority or restriction of SASL mechanisms
Thanks for the tip! For future inquirers, The OpenLDAP-specific config
file is /usr/lib/sasl2/slapd.conf, which could look like this, if I'm
reading the docs correctly:
mech_list: GSSAPI plain
John
On Fri, 2005-01-07 at 13:36 -0800, Kurt D. Zeilenga wrote:
> You can control which mechanisms are available to a Cyrus SASL
> enabled application via Cyrus SASL.... see Cyrus SASL docs
> for how (and the Cyrus SASL list for help).
>
> Kurt
>
>
> At 10:20 AM 1/6/2005, John Morris wrote:
> >Hi, all!
> >
> >Just got upgraded to 2.2 from 2.0. I'm using the FC3 RPMs. One
> >behavioral change from 2.0 (which were modified RH RPMs from a couple
> >years ago) is that when doing an ldapsearch, the default SASL mechanism
> >is now MD5, whereas before it was GSSAPI (which is what I desire). If I
> >add '-Y GSSAPI' to the ldapsearch commandline, GSSAPI works gorgeous.
> >
> >This seems a little strange since I haven't configured any MD5 mechanism
> >(is any required?), and don't run saslauthd.
> >
> >I've hacked away the problem with an 'rpm -e --nodeps cyrus-sasl-md5'.
> >Kinda nasty (why does the RH openldap RPM even depend on that package,
> >anyway?).
> >
> >Is there a way to restrict the list of SASL mechanisms or to put a
> >priority on them? Thanks for any advice.
> >
> > John
>