[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5207) Password checking: external program

On Thursday 01 November 2007 12:15:28 Hadmut Danisch wrote:
> Buchan Milne wrote:
> > So wouldn't the existing {SASL} scheme for userPassword (which allows a
> > simple bind to be authenticated against a SASL identity) be sufficient?
> Not really, because SASL is not just a server plugin, it requires the
> client to have SASL (and the plugins) as well. Unfortunately, this is
> not the case in most scenarios.

So you are unaware of the {SASL} scheme for userPassword, where slapd receives 
a simple bind, and tries to authenticate the user (as a SASL client) via the 
SASL mechanism with the identity following the scheme identifier in the 
userPassword attribute.

It is documented to some degree in the FAQ-o-matic.