[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Trying to enable SASL support for OpenLDAP 2.0.11...



Hello Werner,

* Werner wrote:

> On Thu, Aug 09, 2001 at 11:19:40AM -0400, Brendan Byrd wrote:
> > Okay, I've having trouble understanding how to implement this.  Does 
> > this automatically fix the problem with PAM?  Do you have to add a new 
> > /lib/security module to the /etc/pam.d/system-auth file?  As far as I 
> > know, in order to get stuff like the login and passwd command to work, 
> > you -HAVE- to use PAM.  This is for a UNIX login, not IMAP verification, 
> 
> With the sasl ldap patch you can cirumvent the pam mechanismn with an
> app like cyrus imapd. login and passwd use pam but not sasl directly
> therefore you need pam for the usual UNIX login in a pam aware system.
> 
> Is it a requirement for openldap to use SASL? 

No it isn't.

> I am going to upgrade from
> 1.2.11 and if possible at all I will avoid the weired SASL stuff.
 
If your are not using Kerberos or your passwords are in sasldb ...
you don't need SASL.

I'am using Openldap 2.0.11 without SASL. 
And it works quite well. LDAP over SSL/TLS is secure enough for my
environment.

-- 
bye

Waldemar