
Re: kpasswd



Howard -- Good point.

With that said, SASL can be a bear to set up. We're a CMU Cyrus IMAP shop
and therefore are very familiar with SASL -- I would encourage folks who
are trying to use SASL with OpenLDAP (and sendmail and cyrus etc.) to get on
the sasl mailing list, read the archives and the included docs. They
aren't perfect but they do answer many of the questions that get asked
over and over again.

For folks wanting kpasswd equivalence with SASL who aren't interested in
local passwords in /etc/sasldb I would encourage you to disable
/etc/sasldb support using --with-dblib=no -- especially if you have
multiple versions of BDB installed, as linking SASL against a different
DB library than openldap (or sendmail or cyrus) can result in VERY odd
seg faults and core dumps. Additionally, disable ALL auth mechanisms
you don't plan on using -- the extra plugins for SASL can cause
problems as well.

Howard Chu wrote:
> 
> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Frank Swasey
> 
> > Today at 8:37am, Allan Streib wrote:
> > > On Tuesday, October 21, 2003, at 07:52 AM, Frank Swasey wrote:
> > > > Today at 8:20am, Igor Brezac wrote:
> > > >> On Tue, 21 Oct 2003, Frank Swasey wrote:
> > > >>> I have a /usr/lib/sasl2/slapd.conf which contains
> > > >>> pwcheck_check: saslauthd
> > > >>> saslauthd_path: /var/run/saslauthd
> 
> > Ok... who's the SASL expert about why this won't work, but the facility
> > that is so broken that it is being removed still works.....  Kurt???
> 
> All of you folks complaining about how broken things are should really learn
> how to READ and PAY ATTENTION TO DETAILS. The SASL config keyword is
> "pwcheck_method" not "pwcheck_check." It amazes me that you can get so many
> pairs of eyes looking at this thread and all miss the actual problem that's
> so obviously staring you in the face.
> 
> The software works. Many people (on this list, even) have it working. All you
> have to do is configure it correctly. All it takes to configure it correctly
> is to PAY ATTENTION. How hard is that???
> 
>   -- Howard Chu, speaking for myself and no one else.
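
The misspelled keyword in this thread went unnoticed because nothing reported the unrecognised option name. As an added example (not part of the original messages, and not code from OpenLDAP or Cyrus SASL), the sketch below lints a SASL application config such as /usr/lib/sasl2/slapd.conf for unknown option names and suggests the nearest known one. `KNOWN_OPTIONS` is a deliberately partial list and `lint_sasl_conf` is a hypothetical helper name; extend the list for the plugins you actually build.

```python
import difflib

# Partial set of Cyrus SASL option names (assumption: not exhaustive;
# add the options of any extra plugins you have enabled).
KNOWN_OPTIONS = sorted({
    "auto_transition", "auxprop_plugin", "canon_user_plugin", "keytab",
    "log_level", "mech_list", "plugin_list", "pwcheck_method",
    "reauth_timeout", "saslauthd_path", "sasldb_path", "srvtab",
})

def lint_sasl_conf(text):
    """Return (line_no, key, suggestion) for each unrecognised option.

    suggestion is the closest known option name, or None if nothing is close.
    Lines without a 'key: value' shape are reported with the raw line as key.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no options
        key, sep, _value = line.partition(":")
        key = key.strip()
        if not sep:
            findings.append((line_no, line, None))
            continue
        if key not in KNOWN_OPTIONS:
            close = difflib.get_close_matches(key, KNOWN_OPTIONS, n=1, cutoff=0.6)
            findings.append((line_no, key, close[0] if close else None))
    return findings

# The two lines quoted in the thread, and the corrected form.
BROKEN = "pwcheck_check: saslauthd\nsaslauthd_path: /var/run/saslauthd\n"
FIXED = "pwcheck_method: saslauthd\nsaslauthd_path: /var/run/saslauthd\n"

if __name__ == "__main__":
    for line_no, key, hint in lint_sasl_conf(BROKEN):
        msg = f"line {line_no}: unknown option '{key}'"
        print(msg + (f" (did you mean '{hint}'?)" if hint else ""))
```
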