[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL Authentication

Am Montag, 20. September 2004 21:37 schrieb Kurt D. Zeilenga:

> >> I would like to set the SASL/DIGEST-MD5 as the
> >> default authentication method when ldap commands
> >> such as ldapwhoami and ldapsearch are used.
> >> However, they insist on starting SASL/GSSAPI
> >> authentication. Is there a way to fix this problem?
> >
> >Either delete the Lib in /usr/lib/sasl2 or configure the CLients to use it
> > as default. See ldap.conf(5) SASL_MECH for details.
> Not sure SASL_MECH works properly (there was an issue
> reported with it some time ago).  I suggest that for
> those not wanting to support GSSAPI authentication,
> that they configure Cyrus SASL without GSSAPI
> support (or, if already reconfigured, simply remove

> Cyrus SASL's GSSAPI plugin).  You might also be able
> to mess with Cyrus SASL's config file for slapd(8).
> For further information regarding my suggestions,
> please see the Cyrus SASL documentation.

Yes, of course. Creating a file /usr/lib/sasl2/slapd.conf with a line

mech_list: digest-md5

should also do the trick.