On 09/09/10 19:41 +0200, Dieter Kluenter wrote:
Wouter van Marle <wouter@squirrel-systems.com> writes:

On 9 Sep 10, at 21:47, Dan White wrote:

On 09/09/10 12:47 +0800, Wouter van Marle wrote:

[...]

Most important difference is that pam is not mentioned here. But then from other mails I understand that slapd only wants to use saslauthd and not pam.

[...]

No, slapd doesn't want saslauthd, nor pam, it is just a hack. Please do not use saslauthd authentication agent in a kerberized environment. Make use of proper native sasl mechanism.

Why has it been said that this is unsupported or a hack? Pass-through authentication is clearly documented in the Administrator's Guide (Section 14.5). Is it not supported?

The fact that GSSAPI/Kerberos5 is involved is not really relevant. Even though he has successfully performed a GSSAPI bind to the server, that doesn't have anything to do with the fact that he's wanting to perform pass-through authentication to libsasl.

If the response is "Your slapd server is configured properly for pass-through authentication. You're on the wrong list, go away", that's perfectly understandable.

There's no reason I've seen that this should not work. People will find solutions to solve their problems, even if said solution is not ideal. Just because it's not your ideal does not suggest it's a horrible ugly hack. Finding a solution for Evolution that does not involve a patch against X client systems is going to be a far smaller hack.

--
Dan White