
login using SASL



Hi, I am planning to completely replace my old NIS server with an OpenLDAP
server. So I have implemented some software for this purpose.

I am testing OpenLDAP-2.2.8 and cyrus-sasl-2.1.18 and nss_ldap-217 and
pam-ldap-169 on Redhat9.

I have read about ldapdb.c on this mailing list and succeeded in using it.
At this point, I have a concern about a security issue. The LDAP server uses
SIMPLE auth by default, so I have implemented SASL also.

Now I can do ldapsearch or ldappasswd using SASL digest-md5
authentication (with the -U option). It can be done from an ldap-client via the network.

But when I do a console login or network login, it doesn't work.
When logging in, the LDAP client is trying to contact the server using SIMPLE
auth. How can I make the login session use SASL auth?
I think this is not related to pam_ldap or nss_ldap because OpenLDAP
uses SASL implicitly.

I have added to slapd.conf:
	require strong
but it doesn't work...


Tomonari Hattori <tomo@ppi.co.jp>
Website http://www.ppi.co.jp