
openldap + sasl + plain|login + pam



It seems from reading various FAQs and documentation that it is possible to 
configure my openldap server to authenticate users binding to it with 
SASL as the backend using PLAIN|LOGIN to authenticate.

As SASL (on my RH 7.3 system) has pam in plain|login, it seems possible to 
configure a /usr/lib/sasl/slapd.conf to contain pwcheck_method: pam and 
then have a /etc/pam.d/ldap??? containing relevant lines.

Essentially, is it possible to have ldap behave much like authenticated 
smtp does using the sasl library?

If I query my openldap server for 

ldapsearch -x -H ldaps://127.0.0.1 -b "" -s base supportedSASLMechanisms

I get

supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: ANONYMOUS

Has anyone done this? Is it possible?

Tom

-- 
_______________________________________________________________________
Tom Ryan                                            Voice: 856-225-6361
Consulting System Administrator                       Fax: 856-969-7900
Rutgers School of Law - Camden