[Date Prev][Date Next] [Chronological] [Thread] [Top]

Openldap + sasl Question !!! (testing without krb) !!!

Hi all and Adam (I read your Manual about it)!!!

I left away the kerberos auth to manage strong encryption.
My Server wants to have strong encryption on the exop function. (Error on
passwd: strong encryption needed).
I set up sasldb on the server ans added the sasl options to the slapd.conf.
On ldasearch on mechanisms i get all i need including gssapi.
What has to be done on the clients to manage sasl Auth and passwordchanging
to the server with login and password ?
In my opinion the pam_ldap only supports simple_bind but not sasl_bind !!!
The interactive search on the client is not working due to an local error.
The normal search outputs the whole sasl mechanisms.
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: ANONYMOUS
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN

Where are the clients now authenticated, locally or on the slapd server ?
In your manual you describe to add a file in the /usr/lib/sasl/slapd.conf
dir, like sendmail.
If i change it to "pam" nothing happens, only the sasldb is looked for a
I use sasl auth for sendmail and it works. (Sendmail.conf in /usr/lib/sasl
is set to "pam" auth").
Also i tried to add a pam.d/ldap file with no effects to the login process.
Does anyone have a cunclusion on the problem ?

Thanks in advance.


Franz Skale
mainwork information technology AG
Tech Gate Vienna
Donaucitystrasse 1
A-1220 Wien
Tel: +43 1 333 48 58-0
Fax: +43 1 333 48 58-24
e-mail: f.skale@mainwork.com
Internet: http://www.mainwork.com