[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: SASL LDAP plugin

>Right. Proxying the bind itself is a possibility, but that means e.g.
>providing an LDAP-specific implementation of the CRAM-MD5 or DIGEST-MD5 SASL
>plugins. Way too messy.

Actually, if you accept that LDAP is a general purpose authentication protocol
(not taking a position on that), it's not necessarily as messy as you might
otherwise think. But, moreover, it's not _possible_, at least with CRAM-MD5
and DIGEST-MD5, unless you're willing to funnel every SASL bind to a single
authentication server. I was planning on implementing something similar for
OS X (where there is a general purpose authentication server which appears
to be based on SASL POP authentication) but not being able to arbitrate on
the user name tharted it it.

-- Luke

Luke Howard | lukehoward.com
PADL Software | www.padl.com