[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: SASL??

To: openldap-software@OpenLDAP.org
Subject: RE: SASL??
From: "Michalski, Rafał" <RMichalski@eragsm.pl>
Date: Tue, 20 Mar 2001 12:31:39 +0100
Cc: "'phil@bolthole.com'" <phil@bolthole.com>

SASL is not another stuff like Kerberos.
It is a library of so called 
'mechanisms' of user authentication.
One of these mechanisms is authentication in Kerberos.
OpenLDAP makes calls from this library.

As of TLS, it should be another SASL mechanism.
Apparently it is not.
Netscape browser reports no supported SASL
mechanisms at URL ldap://servername/?supportedsaslmechanisms .
On the other hand, 
you can install OpenLDAP with TLS and without SASL,
then make ''ldapsearch -Z -x'' calls.
SASL RFC 2222 sounds ambiguous to me 
about relations between SASL and TLS.

What I said above are my impressions.
See e-mails I posted to openldap-software
and cyrus-sasl lists.
I got no authoritative answer so far.

Rafal.

> it seems to be Yet Another userID scheme like kerberos or NIS+.

Prev by Date: Re: Secure replication, using KerberosV keytab (or SASL?)
Next by Date: Problem with OpenLDAP 1.2.11
Index(es):
- Chronological
- Thread