[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL mechanisms

To: OpenLDAP software list <openldap-software@OpenLDAP.org>
Subject: Re: SASL mechanisms
From: Andreas Hasenack <ahasenack@terra.com.br>
Date: Mon, 20 Feb 2006 13:36:02 -0300
Content-disposition: inline
In-reply-to: <43F9D34A.6040901@uvm.edu>
References: <43F9D34A.6040901@uvm.edu>
User-agent: Mutt/1.5.11

On Mon, Feb 20, 2006 at 09:33:46AM -0500, Francis Swasey wrote:
> Folks,
>   Having been bitten by someone installing a SASL mechanism on a server 
> that also is one of my LDAP servers which was not configured (it 
> happened to be Red Hat decided this mechanism is required to have 
> sendmail on the system, but it could have been another sys admin)..  I 
> am wondering why we have to play with "sasl-secprops" to tell slapd what 
> types of mechanisms are not wanted.
> 
>   Is there a problem with providing a "sasl-mechanisms" config option 
> that would list (GSSAPI, CRAM-MD5, etc) the specific mechanisms we 
> wanted to support?

That's a SASL configuration. Try creating this file:
/usr/lib/sasl2/slapd.conf
pwcheck_method: auxprop
mech_list: DIGEST-MD5 CRAM-MD5

List the SASL mechanisms you want slapd to offer. If you intend to offer
plain text mechanisms, then you will also have to use "sasl-secprops
none" in slapd.conf.

Follow-Ups:
- Re: SASL mechanisms
  - From: Francis Swasey <Frank.Swasey@uvm.edu>

References:
- SASL mechanisms
  - From: Francis Swasey <Frank.Swasey@uvm.edu>

Prev by Date: Re: slackware + openldap: could not locate usable POSIX Threads
Next by Date: Filter Problem
Index(es):
- Chronological
- Thread