[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: LDAP authenticaton against PAM how-to
Emmanuel Dreyfus wrote, on 09. feb 2007 06:32:
I banged my head on OpenLDAP -> SASL -> PAM for two days. The status of
the documentation is really horrible. Until someone eventually fix that,
here is for future reference what I had to do (the NetBSD system parts
are out of topic, but I added them for the sake of completeness)
All of what you write *might* work for you in your own situation, but
it's inferior and incomplete in as much as SASL methods using high
security factors are excluded from your recipe - see:
http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer
Use of pam and saslauthd are unnecessary for OL and in fact put you into
a strait jacket that prevents you from using far stronger and more
effective authentication methods.
I'll grant that the OL documentation pertaining to implementation of
SASL is incomplete, but there's now so much other documentation on the
Internet that there should be no excuse for not finding sufficient; try
)apologies if the url gets folded):
http://find.stanford.edu/search?q=sasl&site=stanford&client=stanford&proxystylesheet=stanford&output=xml_no_dtd&btnG.x=14&btnG.y=9
for starters?
Best,
--Tonni
--
Tony Earnshaw
Email: tonni at hetnet dot nl