
Re: sasl and openldap.



On Wed, 16 May 2001, Tarjei Huse wrote:
> After finally getting my head around some of the sasl ideas, I have some
> questions on how to use sasl in the context of openldap.
>
> 1. Does the use of ldap and sasl imply that the passwords are stored in the
> sasldb?
> I.e: authclient (f.x. mailprog) -> machine -> ldap -> sasl -> sasldb

No.  This would be the case for the mechanisms CRAM-MD5 and DIGEST-MD5,
and the PLAIN mechanism when 'pwcheck_method' is set to 'sasldb' (which is
the default method).  The KERBEROS_V4 mechanism would query Kerberos.
The GSSAPI mechanism would query Kerberos (or maybe something else, if
GSSAPI were set up to use that).

> 2. To use sasl auth in ldap, do you have to make an Openldap.conf file in the
> sasl plugin dir?

It would be called slapd.conf.  I had to read the slapd source to find
this (in servers/slapd/sasl.c).  You need one if you wish the PLAIN
mechanism to use any method other than 'sasldb'.

> 3. If you use sasl_password_check: pam and pam ldap, wouldn't that look a
> bit weird?
>
> f.x. cyrus imapd -> sasl -> ldap -> pam -> ldap ?
> or ...?
>
> or, how does this work?

Good question. :-/

-- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
Make a good day.