Re: (ITS#3845) support for SASL binds with plaintext rootpw
Well, the patch is fine (I'd add a descriptive comment to it) but in
general, slurpd should not be binding with the rootdn.
We can probably add this to HEAD/RE23; I'm not sure it's eligible for RE22.
> Full_Name: Jason Townsend
> Version: 2.2.19 and HEAD
> OS: 10.4.1
> URL: http://www.opendarwin.org/~jtownsend/patches/rootpwsasl/servers-slapd-sasl.patch
> Submission from: (NULL) (220.127.116.11)
> If there is a plaintext rootpw configured, then it is possible to hand that to
> SASL through the auxprop callback in order to allow a SASL bind against that
> account to work. In Mac OS X Server/Open Directory this is used to allow a
> replication identity and password to be set up simply with rootpw/rootdn without
> requiring another record to be added to the database. This way slurpd can
> perform a secure authentication rather than a simple bind.
> This patch was originally made against 2.2.19 and then ported to HEAD.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support
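
Added example (not part of the original message and not the code from the patch): a small Python model of why the submission depends on a plaintext rootpw. It assumes a challenge-response mechanism, CRAM-MD5 here, which the thread does not name; the function names, password and challenge are constructed for illustration.

```python
import base64
import hashlib
import hmac


def cram_md5_response(secret: bytes, challenge: bytes) -> str:
    """Client side: HMAC-MD5 of the server challenge, keyed with the password."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()


def ssha(password: bytes, salt: bytes) -> str:
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def auxprop_secret(rootpw: str):
    """Hypothetical stand-in for the auxprop lookup: return the plaintext
    secret the mechanism needs, or None when rootpw is stored hashed."""
    if rootpw.startswith("{") and "}" in rootpw:
        scheme, _, value = rootpw[1:].partition("}")
        return value.encode() if scheme.upper() == "CLEARTEXT" else None
    return rootpw.encode()  # no scheme prefix: value is the plaintext


def server_verify(rootpw: str, challenge: bytes, response: str) -> bool:
    """Server side: recompute the expected response from the stored secret."""
    secret = auxprop_secret(rootpw)
    if secret is None:
        # A one-way hash cannot key the HMAC, so the SASL bind cannot succeed.
        return False
    expected = cram_md5_response(secret, challenge)
    return hmac.compare_digest(expected, response)


# Constructed sample values, not taken from the thread.
PASSWORD = b"s3cret-replica"
CHALLENGE = b"<1234.5678@ldap.example.test>"

if __name__ == "__main__":
    response = cram_md5_response(PASSWORD, CHALLENGE)
    candidates = (
        PASSWORD.decode(),
        "{CLEARTEXT}" + PASSWORD.decode(),
        ssha(PASSWORD, b"salt"),
    )
    for rootpw in candidates:
        label = rootpw.split("}")[0] + "}" if rootpw.startswith("{") else "(plain)"
        print(label, server_verify(rootpw, CHALLENGE, response))
```

The bind verifies only when the server can recover the password itself, so a rootpw used this way is a cleartext secret in the configuration file and needs the file permissions to match.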