
Re: LDAP authentication against PAM how-to



Emmanuel Dreyfus wrote, on 09. feb 2007 06:32:

I banged my head on OpenLDAP -> SASL -> PAM for two days. The status of
the documentation is really horrible. Until someone eventually fixes that,
here is for future reference what I had to do (the NetBSD system parts
are out of topic, but I added them for the sake of completeness)

All of what you write *might* work for you in your own situation, but it's inferior and incomplete in as much as SASL methods using high security factors are excluded from your recipe - see:


http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer

Use of pam and saslauthd are unnecessary for OL and in fact put you into a strait jacket that prevents you from using far stronger and more effective authentication methods.

I'll grant that the OL documentation pertaining to implementation of SASL is incomplete, but there's now so much other documentation on the Internet that there should be no excuse for not finding sufficient; try (apologies if the URL gets folded):

http://find.stanford.edu/search?q=sasl&site=stanford&client=stanford&proxystylesheet=stanford&output=xml_no_dtd&btnG.x=14&btnG.y=9

for starters?

Best,

--Tonni

--
Tony Earnshaw
Email: tonni at hetnet dot nl