[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Enable SASL and GSSAPI authentication

To: openldap-technical@openldap.org
Subject: Re: Enable SASL and GSSAPI authentication
From: Jörg Herzinger <joerg.herzinger@global2000.at>
Date: Wed, 22 Dec 2010 15:43:27 +0100
In-reply-to: <D26BC6BA-846A-4A5E-85BA-CA76D3A6D1F1@internode.on.net>
References: <4D11CC52.6050307@global2000.at> <D26BC6BA-846A-4A5E-85BA-CA76D3A6D1F1@internode.on.net>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101208 Lightning/1.0b2 Thunderbird/3.1.7

Hi,

Am 2010-12-22 13:04, schrieb Indexer:

To clarify this means SASL passthrough (aka userPassword: {SASL}user@realm ) and GSSAPI you want, correct?

Yes, thanks, I figured it out. I did't get that using SASL means, thatall authentication is forwarded to SASL and thus you have to configureit to use plain and gssapi auth. Before I used LDAP which seemed to beusing the gss libraries directely and I didn't have to use saslauthd at all.

And to document it, my /usr/lib/sasl2/slapd.conf now looks like this:

mech_list: plain gssapi
pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux

Follow-Ups:
- Re: Enable SASL and GSSAPI authentication
  - From: Dan White <dwhite@olp.net>

References:
- Enable SASL and GSSAPI authentication
  - From: Jörg Herzinger <joerg.herzinger@global2000.at>
- Re: Enable SASL and GSSAPI authentication
  - From: Indexer <indexer@internode.on.net>

Prev by Date: Granting write to ou
Next by Date: Re: Enable SASL and GSSAPI authentication
Index(es):
- Chronological
- Thread