Re: Using SASL OTP
On 04/09/09 10:34 +0000, Emmanuel Dreyfus wrote:
>- OTP stuff is stored in SASL auxprop cmusaslsecretOTP, which can be
>stored in sasldb or in LDAP.
Correct. Your Cyrus SASL libraries will need to be compiled without the
--with-opie option (which is the default on at least Debian).
>- If I install the Cyrus ldapDB plugin and add a sasl2/saslpasswd.conf,
>it seems I can tell saslpasswd2 to write to the directory:
>I have not fully investigated, but it seems the thing cannot prompt
>for credentials: DN/password must be stored in saslpasswd.conf, which
>makes multiuser utilization troublesome.
Are you asking how to provide the ldap credentials to update openldap?
You can insert the appropriate SASL credentials into your saslpasswd2.conf
file. A simple bind will not work. The options are documented in
/doc/options.html within the cyrus sasl source tarball.
I prefer using the EXTERNAL mechanism since I'm always changing passwords
on the same host that openldap is on, but any mechanism should be valid.
For reference, I have:
$ cat /usr/lib/sasl2/password.conf
>- And my last problem is to generate OTP. setkey(1) does not seem
>to produce something acceptable by SASL OTP. I have to investigate.
'otp-md5' from opie will generate otp responses, but it requires your
shared secret to be at least 10 characters (which Cyrus SASL does not
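The calculation the thread keeps circling (RFC 2289 one-time passwords, the scheme opie's otp-md5 produces) and the challenge/response that SASL OTP wraps around it, as an added example that is not part of this e-mail thread and not code from Cyrus SASL or OPIE. The hash-and-fold step and the pass phrase length rule are RFC 2289's; the challenge string ("otp-md5 498 seed ext") and the "hex:" response form follow RFC 2243/2444. The OtpEntry class, enroll(), and the sample pass phrase and seed are my own illustration of the server-side bookkeeping, not the format Cyrus stores in cmusaslsecretOTP.

```python
"""RFC 2289 one-time passwords (otp-md5) and the SASL OTP exchange around them.

Added example for the thread above, not code from Cyrus SASL or OPIE.  The
hash folding follows RFC 2289; the challenge and response strings follow
RFC 2243/2444 ("otp-md5 98 seed ext" / "hex:<16 hex digits>").  OtpEntry and
enroll() are hypothetical server-side bookkeeping for illustration.
"""
import hashlib
import re

SEED_RE = re.compile(r"[A-Za-z0-9]{1,16}")
CHALLENGE_RE = re.compile(r"otp-(md4|md5|sha1) (\d+) ([A-Za-z0-9]{1,16}) ext(?:,\S+)*")


def fold_md5(data: bytes) -> bytes:
    """MD5, then fold the 16-byte digest to 8 bytes by XORing its two halves."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))


def otp_md5(passphrase: str, seed: str, count: int) -> bytes:
    """OTP number `count` of the sequence defined by (passphrase, seed).

    count 0 is the folded hash of lowercase(seed) + passphrase; each further
    count is one more hash-and-fold of the previous 8 bytes.
    """
    if not SEED_RE.fullmatch(seed):
        raise ValueError("seed must be 1-16 alphanumeric characters")
    if count < 0:
        raise ValueError("count must not be negative")
    h = fold_md5((seed.lower() + passphrase).encode("ascii"))
    for _ in range(count):
        h = fold_md5(h)
    return h


def otp_hex(passphrase: str, seed: str, count: int) -> str:
    """The same OTP as 16 hex digits, the form sent after the 'hex:' prefix."""
    return otp_md5(passphrase, seed, count).hex()


def parse_challenge(challenge: str):
    """Split 'otp-md5 98 TeSt ext' into (algorithm, sequence, seed)."""
    m = CHALLENGE_RE.fullmatch(challenge.strip())
    if m is None:
        raise ValueError(f"not an OTP extended challenge: {challenge!r}")
    return m.group(1), int(m.group(2)), m.group(3)


def client_response(challenge: str, passphrase: str) -> str:
    """What the client sends back for an otp-md5 challenge (hex form)."""
    alg, seq, seed = parse_challenge(challenge)
    if alg != "md5":
        raise NotImplementedError("this example only implements otp-md5")
    return "hex:" + otp_hex(passphrase, seed, seq)


class OtpEntry:
    """Hypothetical server record: seed, the last accepted OTP and its sequence number."""

    def __init__(self, seed: str, seq: int, last_hex: str):
        self.seed, self.seq, self.last_hex = seed, seq, last_hex

    def challenge(self) -> str:
        # The client must produce OTP seq-1; hashing it once must give stored OTP seq.
        if self.seq < 1:
            raise RuntimeError("sequence exhausted; the user must re-initialise")
        return f"otp-md5 {self.seq - 1} {self.seed} ext"

    def verify(self, response: str) -> bool:
        if not response.startswith("hex:"):
            return False  # word: and init-*: forms are not handled in this example
        try:
            candidate = bytes.fromhex(response[4:].replace(" ", ""))
        except ValueError:
            return False
        if len(candidate) != 8 or fold_md5(candidate).hex() != self.last_hex:
            return False
        # Accepted: step the sequence down so this OTP can never be replayed.
        self.seq -= 1
        self.last_hex = candidate.hex()
        return True


def enroll(passphrase: str, seed: str, seq: int = 499) -> OtpEntry:
    """Initialise a user: store OTP number `seq`; the first login then uses seq-1."""
    if not 10 <= len(passphrase) <= 63:
        raise ValueError("RFC 2289 requires a 10 to 63 character pass phrase")
    return OtpEntry(seed, seq, otp_hex(passphrase, seed, seq))


if __name__ == "__main__":
    # Constructed sample values (the RFC 2289 Appendix C MD5 test pair).
    entry = enroll("This is a test.", "TeSt", seq=99)
    chal = entry.challenge()
    resp = client_response(chal, "This is a test.")
    print(chal, "->", resp, "accepted" if entry.verify(resp) else "rejected")
```

otp_hex("This is a test.", "TeSt", 0) reproduces the first MD5 vector in RFC 2289 Appendix C (9E87 6134 D904 99DD), which is the quickest way to tell whether a generator such as setkey(1) or otp-md5 is computing the same thing the SASL plugin expects. Note that the server never learns the pass phrase: it stores only the OTP for the current sequence number and checks a response by hashing it once, and a replayed response fails because the stored value has already moved down by one.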