Re: Problems Enabling Authentication using Cyrus SASL
On 17/11/10 11:09 -0400, Fernando Torrez wrote:
I tried the suggested command (thanks Moorthi):
ldapwhoami -U proxyuser -X u:test -Y digest-md5 -I
with no success. I got this error:
saslauthd -d -V -a ldap -r -O /etc/saslauthd.conf
digest-md5 and saslauthd are incompatible. The cyrus library requires the
use of an auxprop store to retrieve the shared secret that the digest-md5
mechanism uses.
You could use the 'plain' or 'login' mechanisms to authenticate against
saslauthd, but you'd need to set:
sasl-secprops none
(or some other setting which allows plain authentication)
However, that's a potential security risk unless you have some other
network security layer in place.
so I can say that unfortunately there's no communication between SASLAUTHD
and LDAP.
Now I will try the suggestion to separate saslauthd and ldapdb (thanks
Dieter)
But I'm still wondering if there's a way to work ldap server and
cyrus-sasl together. Let's be more accurate
1.- Connect to ldap server through cyrus-sasl (let's say
authenticated/authorized proxyuser connected to ldap server)
If you're looking to do digest-md5 authentication directly to slapd, then
you'll probably want to look at using the internal slapd auxprop plugin.
See chapter 15 of the OpenLDAP Administrator's Guide for documentation.
2.- Once connected to the ldap server, authenticate/authorize other user
(or any object ) saved on ldap server using previous connection done in
step 1
I'm not sure I understand what you're trying to do in step 2. Are you
attempting to authenticate some other service other than slapd?
--
Dan White
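
The two points in the reply above (DIGEST-MD5 cannot be verified through saslauthd, and allowing PLAIN/LOGIN needs some other protection layer) written as a small config lint. This is an added example, not part of the original message and not OpenLDAP or Cyrus SASL code. Assumptions: the config snippets are constructed, CRAM-MD5 is included as a second shared-secret mechanism beyond the one named in the thread, and slapd's `security ssf=`/`tls=` directive is taken as the "other network security layer".

```python
# Added example: lint for the two pitfalls described in the reply above.
# All config text here is constructed sample input.
SECRET_MECHS = {"DIGEST-MD5", "CRAM-MD5"}  # need the stored secret via auxprop


def parse_sasl_conf(text):
    """Cyrus SASL application config: 'key: value' lines, '#' comments."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            opts[key.strip().lower()] = value.strip()
    return opts


def parse_slapd_conf(text):
    """slapd.conf: 'directive arg ...' lines; keeps the last value seen."""
    opts = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts:
            opts[parts[0].lower()] = parts[1:]
    return opts


def lint(sasl_text, slapd_text):
    sasl, slapd = parse_sasl_conf(sasl_text), parse_slapd_conf(slapd_text)
    findings = []
    mechs = {m.upper() for m in sasl.get("mech_list", "").split()}
    if sasl.get("pwcheck_method", "").lower() == "saslauthd":
        for mech in sorted(mechs & SECRET_MECHS):
            findings.append(f"{mech} offered but pwcheck_method is saslauthd")
    # slapd's default sasl-secprops value is noanonymous,noplain
    props = ",".join(slapd.get("sasl-secprops", ["noanonymous,noplain"])).lower().split(",")
    plain_allowed = "noplain" not in props
    # 'security ssf=N' or 'tls=N' with N > 1 means an encrypted layer is required
    factors = dict(f.split("=", 1) for f in slapd.get("security", []) if "=" in f)
    enforced = any(int(factors.get(k, 0)) > 1 for k in ("ssf", "tls"))
    if plain_allowed and not enforced:
        findings.append("plaintext mechanisms allowed with no required ssf/tls")
    return findings


SASL_BAD = "pwcheck_method: saslauthd\nmech_list: digest-md5 plain\n"
SLAPD_BAD = "sasl-secprops none\n"

if __name__ == "__main__":
    print("\n".join(lint(SASL_BAD, SLAPD_BAD)))
```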