Re: SASL mechanisms



On Mon, Feb 20, 2006 at 09:33:46AM -0500, Francis Swasey wrote:
> Folks,
>   Having been bitten by someone installing a SASL mechanism on a server 
> that also is one of my LDAP servers which was not configured (it 
> happened to be Red Hat decided this mechanism is required to have 
> sendmail on the system, but it could have been another sys admin)..  I 
> am wondering why we have to play with "sasl-secprops" to tell slapd what 
> types of mechanisms are not wanted.
> 
>   Is there a problem with providing a "sasl-mechanisms" config option 
> that would list (GSSAPI, CRAM-MD5, etc) the specific mechanisms we 
> wanted to support?

That's a SASL configuration. Try creating this file:
/usr/lib/sasl2/slapd.conf

    pwcheck_method: auxprop
    mech_list: DIGEST-MD5 CRAM-MD5

List the SASL mechanisms you want slapd to offer. If you intend to offer
plain text mechanisms, then you will also have to use "sasl-secprops
none" in slapd.conf.
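
One way to confirm that slapd offers only what mech_list names, as an added example that is not part of the original message: the script compares the supportedSASLMechanisms values from the root DSE with the mech_list line of the SASL config file. The function names, the sample LDIF and the ldap://localhost URL in the comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report SASL mechanisms that slapd advertises but that
# mech_list does not allow. Live input (assumed host, anonymous root DSE read):
#   ldapsearch -x -LLL -H ldap://localhost -s base -b "" supportedSASLMechanisms

# Constructed sample: root DSE of a server where an extra plugin was installed.
SAMPLE_LDIF='dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: GSSAPI'

# Print the mechanisms on the mech_list line of a SASL config file ($1),
# one per line, upper-cased so the comparison ignores case.
allowed_mechs() {
    sed -n 's/^[[:space:]]*mech_list[[:space:]]*:[[:space:]]*//p' "$1" |
        tr -s '[:space:]' '\n' | tr '[:lower:]' '[:upper:]' |
        sed '/^$/d' | sort -u
}

# Print the mechanisms found in LDIF read from stdin, one per line.
advertised_mechs() {
    sed -n 's/^supportedSASLMechanisms:[[:space:]]*//p' |
        tr -d '\r' | tr '[:lower:]' '[:upper:]' | sort -u
}

# LDIF on stdin, config path in $1. Prints every advertised mechanism that
# is missing from mech_list and returns 1 if there is at least one.
unexpected_mechs() {
    allowed=$(allowed_mechs "$1")
    extra=$(advertised_mechs | while read -r m; do
        printf '%s\n' "$allowed" | grep -qxF -- "$m" || printf '%s\n' "$m"
    done)
    if [ -z "$extra" ]; then
        return 0
    fi
    printf '%s\n' "$extra"
    return 1
}

# Demo on the constructed sample with the mech_list from the message above.
demo() {
    conf=$(mktemp)
    printf 'pwcheck_method: auxprop\nmech_list: DIGEST-MD5 CRAM-MD5\n' > "$conf"
    printf '%s\n' "$SAMPLE_LDIF" | unexpected_mechs "$conf" | sed 's/^/unexpected: /'
    rm -f "$conf"
}
demo
```

Run against a live server after any package change that touches the SASL plugin directory; a non-empty result means slapd is offering a mechanism nobody listed.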