[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: --with-spasswd, SASL/GSSAPI authentication

To: malyprogservices@flashmail.com
Subject: Re: --with-spasswd, SASL/GSSAPI authentication
From: GOMBAS Gabor <gombasg@inf.elte.hu>
Date: Fri, 26 Jan 2001 20:54:32 +0100
Cc: openldap-software@OpenLDAP.org
Content-disposition: inline
In-reply-to: <3A71C102.8422C06F@flashmail.com>; from malyprogservices@flashmail.com on Fri, Jan 26, 2001 at 10:25:06AM -0800
References: <5.0.2.1.0.20010110100539.00aa7ec0@router.boolean.net> <3A71C102.8422C06F@flashmail.com>

On Fri, Jan 26, 2001 at 10:25:06AM -0800, malyprogservices@flashmail.com wrote:
> Is there a way to prevent OpenLDAP 2.0.7 and SASL from opening (or
> attempting to open) /etc/sasldb? I've gotten the implication somehow or
> another that I can specify that LDAP is FORCED to use a certain
> pwcheck_method (GSSAPI in my case), by creating a file
> /usr/lib/sasl/slapd.conf file with that option ("pwcheck_method:
> gssapi"). Is that correct?

??? There is no GSSAPI pwcheck method. You are mixing it with the
authentication methods. GSSAPI itself contains no direct support for
checking passwords, it assumes that you are already authenticated to the
underlaying security service (like Kerberos).

Btw, I also dislike that Cyrus SASL always tries to open sasldb even if it
is told to use another method. A quick-and-dirty solution is to create an
empty sasldb using "db_load -T -t btree sasldb < /dev/null".

Gabor

-- 
Gabor Gombas                                       Eotvos Lorand University
E-mail: gombasg@inf.elte.hu                        Hungary

References:
- Re: --with-spasswd, SASL/GSSAPI authentication
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: --with-spasswd, SASL/GSSAPI authentication
  - From: malyprogservices@flashmail.com

Prev by Date: RE: ADSI distributed queries CONVERT failures w/ OpenLDAP
Next by Date: Re: compiling and berkeley db
Index(es):
- Chronological
- Thread