[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: SASL LDAP plugin

To: hyc@highlandsun.com
Subject: RE: SASL LDAP plugin
From: Luke Howard <lukeh@PADL.COM>
Date: Fri, 14 Jun 2002 09:50:54 +1000
Cc: Kurt@OpenLDAP.org, openldap-devel@OpenLDAP.org
Organization: PADL Software Pty Ltd
Versions: dmail (bsd44) 2.4c/makemail 2.9d

>Right. Proxying the bind itself is a possibility, but that means e.g.
>providing an LDAP-specific implementation of the CRAM-MD5 or DIGEST-MD5 SASL
>plugins. Way too messy.

Actually, if you accept that LDAP is a general purpose authentication protocol
(not taking a position on that), it's not necessarily as messy as you might
otherwise think. But, moreover, it's not _possible_, at least with CRAM-MD5
and DIGEST-MD5, unless you're willing to funnel every SASL bind to a single
authentication server. I was planning on implementing something similar for
OS X (where there is a general purpose authentication server which appears
to be based on SASL POP authentication) but not being able to arbitrate on
the user name tharted it it.

-- Luke

--
Luke Howard | lukehoward.com
PADL Software | www.padl.com

Follow-Ups:
- RE: SASL LDAP plugin
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: RE: SASL LDAP plugin
Next by Date: RE: SASL LDAP plugin
Index(es):
- Chronological
- Thread