Re: SASL MD5 - another try

[Dieter Kluenter <dieter@dkluenter.de>]

Hello Alexander,

Alexander Lunyov <lan_mailing@startatom.ru> writes:

> Hello Dieter,
>
> Thursday, July 17, 2003, 12:30:25 PM, you wrote:
>
> DK> Hi,
>
> DK> Alexander Lunyov <lan_mailing@startatom.ru> writes:

> DK> That is correct in principle :-)
> DK> If you store your userid's and passwords in a directory instead of
> DK> sasldb you have to configure sasl and your application (imapd) to look
> DK> up the directory. But that is a sasl issue and not an openldap topic.
>
>     Look, I KNOW how to make apps work without MD5 but with LDAP, and
>     i know how to make apps work with MD5 and without LDAP. In this
>     doc they telling me that it's ok when you will use SASL and LDAP -
>     so i'm trying to make it work. And the point is not in apps, if
>     there is even ldapsearch doesn't work!

Just to prove that it works, I have moved my /etc/sasldb2 to
/etc/sasldb2_bak, added a plaintext password to my entry, edited
/usr/lib/sasl2/ldap.conf "pwcheck_method: ldap" (although I'm not sure
wether this file is read by sasl at all). Here are the results:

-.-.-.-.-.-. userid in directory entry -.-.-.-.-.-.-.-.-.-.-.-.-.-.-
dieter@marin:~> ldapwhoami -Y DIGEST-MD5
SASL/DIGEST-MD5 authentication started
Please enter your password: 
SASL username: dieter
SASL SSF: 128
SASL installing layers
dn:cn=dieter kluenter,ou=partner,o=avci,c=de
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-

Please note SASL username:, which is without sasl-realm.

-.-.--.-.-.-.userid in sasldb2-.-.-.-.-.-.-.-.-.-.-.-.-
dieter@marin:~> ldapwhoami -Y DIGEST-MD5
SASL/DIGEST-MD5 authentication started
Please enter your password: 
SASL username: dieter@avci.de
SASL SSF: 128
SASL installing layers
dn:cn=dieter kluenter,ou=partner,o=avci,c=de
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-

Here SASL username: is with sasl-realm

-Dieter


-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de