[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: separate sasl-secprops for different tansports

To: openldap-software@openldap.org
Subject: Re: separate sasl-secprops for different tansports
From: Karsten KÃnne <kuenne@rentec.com>
Date: Thu, 26 Oct 2006 10:41:38 -0400
Cc: Hai Zaar <haizaar@gmail.com>
Content-disposition: inline
In-reply-to: <cfb54190610260648m56fbd502rf59503782b1efc0d@mail.gmail.com>
Organization: Renaissance Technologies Corp.
References: <cfb54190610260049x56bb1272l370c376aafb05117@mail.gmail.com> <200610260845.52287.kuenne@rentec.com> <cfb54190610260648m56fbd502rf59503782b1efc0d@mail.gmail.com>
User-agent: KMail/1.9.1

On Thursday 26 October 2006 09:48, Hai Zaar wrote:
> > Why don't you just remove the SASL mechanisms you don't want? The
> > SASL/EXTERNAL will always be there
>
> Does not look like that - if I set "sasl-secprops
> noanonymous,noplain,noactive" then heimdal-kdc, which uses
> SASL/EXTERNAL over slapi fails to connect (removing 'noactive' solves
> that).
>

I'm not talking about sasl-secprops but deinstalling the unneeded SASL 
mechanisms and leave only SASL/GSSAPI installed. Then you'll have SASL/GSSAPI 
and SASL/EXTERNAL, but SASL/EXTERNAL will only show up if you connect via 
ldapi or use SSL/TLS. I thought that's what you wanted.

Karsten.

References:
- separate sasl-secprops for different tansports
  - From: "Hai Zaar" <haizaar@gmail.com>
- Re: separate sasl-secprops for different tansports
  - From: Karsten KÃnne <kuenne@rentec.com>
- Re: separate sasl-secprops for different tansports
  - From: "Hai Zaar" <haizaar@gmail.com>

Prev by Date: Re: separate sasl-secprops for different tansports
Next by Date: Re: Strange behaviour using back-meta + slapo-pcache + glue
Index(es):
- Chronological
- Thread