[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP as a SASL backend

To: openldap-software@openldap.org
Subject: Re: OpenLDAP as a SASL backend
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Mon, 5 Nov 2007 17:53:21 +0200
Cc: Zohar Lev Shani <levshani5252@gmail.com>
Content-disposition: inline
In-reply-to: <d25e0d550711050320y419699e5o4b09cdb591701bde@mail.gmail.com>
References: <d25e0d550710110313l47a0cccch28a944a7bed8a70@mail.gmail.com> <472EC534.6030107@symas.com> <d25e0d550711050320y419699e5o4b09cdb591701bde@mail.gmail.com>
User-agent: KMail/1.9.6

On Monday 05 November 2007 13:20:04 Zohar Lev Shani wrote:
> I understand now why I cannot put hashed userPassword when I use SASL. But,
> does it mean that the ONLY place where I can use hashed passwords for
> authentication is the rootpw directive in slapd.conf, or, there are more
> sensible use cases where it can be used?

Uh, well, if you want to use SASL mechanisms that require a shared secret, 
obviously: no. If you want to use simple binds, then you can use a hashed 
userPassword. If you want to use other SASL mechanisms that support encrypted 
keys, mutual 3rd-party authentication - then you're not going to use 
userPassword at all ...

Regards,
Buchan

References:
- Re: OpenLDAP as a SASL backend
  - From: Howard Chu <hyc@symas.com>
- Re: OpenLDAP as a SASL backend
  - From: "Zohar Lev Shani" <levshani5252@gmail.com>

Prev by Date: Re: SLES 9.3 spec file for building openldap 2.3.38
Next by Date: Re: OpenLDAP as a SASL backend
Index(es):
- Chronological
- Thread