[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldappasswd + SASL

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: ldappasswd + SASL
From: Andreas Hasenack <andreas@conectiva.com.br>
Date: Fri, 22 Jun 2001 10:40:41 -0300
Cc: openldap-software <openldap-software@OpenLDAP.org>
Content-disposition: inline
In-reply-to: <5.1.0.14.0.20010621135033.03083b18@127.0.0.1>; from Kurt@OpenLDAP.org on Thu, Jun 21, 2001 at 02:01:58PM -0700
References: <20010621174425.C23550@conectiva.com.br> <5.1.0.14.0.20010621135033.03083b18@127.0.0.1>
User-agent: Mutt/1.3.17i

Em Thu, Jun 21, 2001 at 02:01:58PM -0700, Kurt D. Zeilenga escreveu:
> At 01:44 PM 6/21/2001, Andreas Hasenack wrote:
> >A question regarding the use of the ldappasswd utility and SASL
> >authentication.
> 
> ldappasswd(1), as provided with 2.0, is intended to be used
> to change the authenticated user's password.  Hence, simple
> bind should be used to change the user's simple bind password.
> 2.0 doesn't provide a means for a user authenticating via
> SASL mechanism to change their password (assuming a password
> based mechanism is used).  These are managed by Cyrus SASL.

Do you mean it is then useless to use SASL authentication via
ldappasswd since it cannot change the SASL password?
So, the only use for ldapasswd in openldap-2.0.x is when using
simple authentication, and, in that case, better to use TLS,
right? If that's the case, the SASL support is there only for
completeness and for when SASL password change is supported, 
right?

References:
- ldappasswd + SASL
  - From: Andreas Hasenack <andreas@conectiva.com.br>
- Re: ldappasswd + SASL
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: RE: LDAP, Apache and RADIUS/TACACS+
Next by Date: str2entry: invalid value for syntax 1.3.6.1.4.1.1466.115.121.1.44?
Index(es):
- Chronological
- Thread