[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: separate sasl-secprops for different tansports

To: Hai Zaar <haizaar@gmail.com>
Subject: Re: separate sasl-secprops for different tansports
From: Howard Chu <hyc@symas.com>
Date: Thu, 26 Oct 2006 07:34:30 -0700
Cc: openldap-software@openldap.org, Karsten Künne <kuenne@rentec.com>
In-reply-to: <cfb54190610260648m56fbd502rf59503782b1efc0d@mail.gmail.com>
References: <cfb54190610260049x56bb1272l370c376aafb05117@mail.gmail.com> <200610260845.52287.kuenne@rentec.com> <cfb54190610260648m56fbd502rf59503782b1efc0d@mail.gmail.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060911 Netscape/7.2 (ax) Firefox/1.5 SeaMonkey/1.5a

Hai Zaar wrote:


Why don't you just remove the SASL mechanisms you don't want? The
SASL/EXTERNAL will always be there

Does not look like that - if I set "sasl-secprops
noanonymous,noplain,noactive" then heimdal-kdc, which uses
SASL/EXTERNAL over slapi fails to connect (removing 'noactive' solves
that).

You're missing the point. Leave the sasl-secprops at their default setting and just remove the modules for the SASL mechanisms that you don't want to allow.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/

References:
- separate sasl-secprops for different tansports
  - From: "Hai Zaar" <haizaar@gmail.com>
- Re: separate sasl-secprops for different tansports
  - From: Karsten KÃnne <kuenne@rentec.com>
- Re: separate sasl-secprops for different tansports
  - From: "Hai Zaar" <haizaar@gmail.com>

Prev by Date: Re: replication problem
Next by Date: Re: separate sasl-secprops for different tansports
Index(es):
- Chronological
- Thread