[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: separate sasl-secprops for different tansports

To: Hai Zaar <haizaar@gmail.com>
Subject: Re: separate sasl-secprops for different tansports
From: Norbert Klasen <norbert@burgundy.dyndns.org>
Date: Thu, 26 Oct 2006 22:40:05 +0200
Cc: openldap-software@openldap.org
Content-disposition: inline
In-reply-to: <cfb54190610260648m56fbd502rf59503782b1efc0d@mail.gmail.com>
References: <cfb54190610260049x56bb1272l370c376aafb05117@mail.gmail.com> <200610260845.52287.kuenne@rentec.com> <cfb54190610260648m56fbd502rf59503782b1efc0d@mail.gmail.com>

Why don't you just remove the SASL mechanisms you don't want? The
SASL/EXTERNAL will always be there

Does not look like that - if I set "sasl-secprops
noanonymous,noplain,noactive" then heimdal-kdc, which uses
SASL/EXTERNAL over slapi fails to connect (removing 'noactive' solves
that).

Rather then removing the mechanism libraries from your system, you can just limit the available mechanisms for your application, by setting mech_list: GSSAPI EXTERNAL in your sasl configuration file for slapd (likely /usr/lib/sasl2/slapd.conf).


--
Norbert

References:
- separate sasl-secprops for different tansports
  - From: "Hai Zaar" <haizaar@gmail.com>
- Re: separate sasl-secprops for different tansports
  - From: Karsten KÃnne <kuenne@rentec.com>
- Re: separate sasl-secprops for different tansports
  - From: "Hai Zaar" <haizaar@gmail.com>

Prev by Date: Re: provider slapd segfault with syncprov
Next by Date: Re: back-perl bind oddity
Index(es):
- Chronological
- Thread