[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL's PLAIN mechanism



At 03:58 PM 11/3/00 -0600, /home/queso/gcarter wrote:
>>From servers/slapd/sasl.c (OpenLDAP 
>
>201     sasl_secprops.max_ssf = INT_MAX;
>202     sasl_secprops.maxbufsize = 65536;
>203     sasl_secprops.security_flags =
>SASL_SEC_NOPLAINTEXT|SASL_SEC_NOANONYMOUS;
>204 #endif

These are the defaults.  You can alter them via slapd.conf(5).

>My understanding is the the /usr/lib/sasl/<appname>.conf
>(i.e. slapd) configuration is used to determine what a PLAIN
>mechanisms is authenticated against.  Therefore, for slapd
>this configuration file would be unnecessary.  yes or no?

It's unnecessary unless you alter the defaults such
that PLAIN is specified.

>Can anyone enlighten me on why PLAIN
>is disabled other than the reasons I've mentioned above?

RFC 2829, Section 8, Paragraph 2.