[Date Prev][Date Next]
Re: SASL mechanisms
On Mon, Feb 20, 2006 at 09:33:46AM -0500, Francis Swasey wrote:
> Having been bitten by someone installing a SASL mechanism on a server
> that also is one of my LDAP servers which was not configured (it
> happened to be Red Hat decided this mechanism is required to have
> sendmail on the system, but it could have been another sys admin).. I
> am wondering why we have to play with "sasl-secprops" to tell slapd what
> types of mechanisms are not wanted.
> Is there a problem with providing a "sasl-mechanisms" config option
> that would list (GSSAPI, CRAM-MD5, etc) the specific mechanisms we
> wanted to support?
That's a SASL configuration. Try creating this file:
mech_list: DIGEST-MD5 CRAM-MD5
List the SASL mechanisms you want slapd to offer. If you intend to offer
plain text mechanisms, then you will also have to use "sasl-secprops
none" in slapd.conf.