Re: 2.2.11 and --enable-kpasswd

[Frank Swasey <Frank.Swasey@uvm.edu>]

Please do not reply to me directly, keep the discussion on
openldap-software.

Today at 10:41pm, Dan wrote:

> Thanks for the info!
>
> This should be manageable. I already run saslauthd to lookup ldap
> accounts for authenticating virtual cyrus imap users. I guess all
> OpenLDAP servers will now need to run saslauthd with kerberos v5.
>
> I guess i will need to start storing password hashes in ldap for these
> virtual users. Or have a seperate box running cyrus just for virtual
> users.

NO!  If set up properly, all you need to do is change
{kerberos}userid@realm into {sasl}userid@realm for the value of the
userPassword attribute.

>
> Cheers,
>
> Dan
>
>
> On Thu, 2004-05-27 at 21:28, Frank Swasey wrote:
> >
> > No, this feature is not supported any longer.  You can check back
> > through the archives of this list.  You will need to set up saslauthd
> > and convert your passwords to {sasl} instead of {kerberos}.  Once you
> > get past the typos (that I made...) it works well.  RH9's saslauthd
> > needs to be recycled frequently because it leaks memory like a sieve!
>

-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Systems Programmer              | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
        === God bless all inhabitants of your planet ===