Re: krb5PrincipalName and userPassword

[Howard Chu <hyc@symas.com>]

Turbo Fredriksson wrote:
> > > > > > "Howard" == Howard Chu <hyc@symas.com> writes:
>
>     >> So what's the point of having {SASL} in the userPassword then?
>
>     Howard> No one ever said there was any point to it. Why are you
>     Howard> using it if you don't understand what it's for?
>
> I have no idea. It's been YEARS since I was 'taught' (?) to use it...
> I sat up 1.3.something-low (or was even earlier than that!?) and I
> haven't read a manual/doc about this in years... I've just taken my
> old db/config and did the absolutly nessesary changes to get it to
> work...

I don't know what planet you've been living on, but the last 1.x release of 
OpenLDAP was 1.2, there was no 1.3. And between 1.x and 2.3 huge volumes of 
new documentation have been written. You can operate with obsolete knowledge 
if you like, but it's smarter to read the docs that match the software 
revision you're working with.

> Was {KERBEROS} required in userPassword?

Nothing is ever *required* in userPassword. Different things *may* be set in 
userPassword depending on what you want to accomplish.

Pretty sure I explained this to you several years ago. I won't bother to go 
thru it again.

http://www.openldap.org/lists/openldap-software/200206/msg00334.html

>     Howard> From the sound of it, yes, the SASL regexp worked as it
>     Howard> should.
>
> Oki, that looked reasonble and the only conclution I could draw
> from my experience..

> But I'd _really_ like an explanation of the {SASL} 'thingie'...

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/