[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: 2.2.11 and --enable-kpasswd



On Fri, 28 May 2004 at 1:12am, Dan wrote:

> > NO!  If set up properly, all you need to do is change
> > {kerberos}userid@realm into {sasl}userid@realm for the value of the
> > userPassword attribute.
> >
>
> >From your previous email i got the impression saslauthd was required for
> this. If my saslauthd is configured to use LDAP (as opposed to say
> kerberos) how will it be able to verify passwords? Wouldn't this
> configuration cause a loop or sorts?

Well, if saslauthd is going to turn around and ask LDAP if the password
is correct, then yes -- that's in the dictionary under "loop, endless:
see endless loop" ... "endless loop: see loop, endless" ...

What is recommended is you configure saslauthd to use Kerberos, and then
slapd to use saslauthd....  It's in the archives...  Search for
saslauthd, oh... almost a year ago now, I think....

-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Systems Programmer              | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
        === God bless all inhabitants of your planet ===