Re: APP -> SASL -> PAM -> LDAP Best Practices?



On Mon, Jul 16, 2001 at 09:13:53AM -0400, Adam Tauno Williams wrote:
> >What is the best way to set up the above routine? I am a little
> >confused...
> >If LDAP is using SASL to bind users, and SASL is using PAM to lookup
> >users, and PAM is using LDAP to find users??? (-:
> 
> SASL uses PAM?  I'm confused.

It can use PAM if configured to do so. Just set pwcheck_method: pam in 
/usr/lib/sasl/<service>.conf

pam_ldap will not use SASL, it will use simple bind. Therefore, the loop is
broken and it "should work"(tm).

And it is sort of confusing, yes.

> 
> >Is there a "Best Practices" doc somewhere?
> 
> I'd like to find some decent documentation, period.  I've implemented Kerberos
> V,  and things like LDAP use SASL/GSSAPI which is great when it works.  But
> finding information on configuring or troubleshooting GSS has been pretty
> tough.  Any links would be appreciated.  I'll add it to my Kerberos V presentation.

This one helped me a lot, although I don't use Kerberos:

http://www.bayour.com/LDAPv3-HOWTO.html

Also the SASL docs were very useful (after I understood the concept...).

And, of course, the archives of this mailing list, I still have some saved
threads... :)