[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: --with-spasswd, SASL/GSSAPI authentication

On Fri, Jan 26, 2001 at 10:25:06AM -0800, malyprogservices@flashmail.com wrote:
> Is there a way to prevent OpenLDAP 2.0.7 and SASL from opening (or
> attempting to open) /etc/sasldb? I've gotten the implication somehow or
> another that I can specify that LDAP is FORCED to use a certain
> pwcheck_method (GSSAPI in my case), by creating a file
> /usr/lib/sasl/slapd.conf file with that option ("pwcheck_method:
> gssapi"). Is that correct?

??? There is no GSSAPI pwcheck method. You are mixing it with the
authentication methods. GSSAPI itself contains no direct support for
checking passwords, it assumes that you are already authenticated to the
underlaying security service (like Kerberos).

Btw, I also dislike that Cyrus SASL always tries to open sasldb even if it
is told to use another method. A quick-and-dirty solution is to create an
empty sasldb using "db_load -T -t btree sasldb < /dev/null".


Gabor Gombas                                       Eotvos Lorand University
E-mail: gombasg@inf.elte.hu                        Hungary