[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL Authentication

To: openldap-software@OpenLDAP.org
Subject: Re: SASL Authentication
From: Andreas Winkelmann <ml@awinkelmann.de>
Date: Mon, 20 Sep 2004 22:10:20 +0200
Content-disposition: inline
In-reply-to: <6.1.2.0.0.20040920123418.041e7b20@127.0.0.1>
References: <006101c49f14$03fcd4c0$da3fca42@shrugy> <200409202118.10449.ml@awinkelmann.de> <6.1.2.0.0.20040920123418.041e7b20@127.0.0.1>
User-agent: KMail/1.6.2

Am Montag, 20. September 2004 21:37 schrieb Kurt D. Zeilenga:

> >> I would like to set the SASL/DIGEST-MD5 as the
> >> default authentication method when ldap commands
> >> such as ldapwhoami and ldapsearch are used.
> >> However, they insist on starting SASL/GSSAPI
> >> authentication. Is there a way to fix this problem?
> >
> >Either delete the Lib in /usr/lib/sasl2 or configure the CLients to use it
> > as default. See ldap.conf(5) SASL_MECH for details.
>
> Not sure SASL_MECH works properly (there was an issue
> reported with it some time ago).  I suggest that for
> those not wanting to support GSSAPI authentication,
> that they configure Cyrus SASL without GSSAPI
> support (or, if already reconfigured, simply remove

> Cyrus SASL's GSSAPI plugin).  You might also be able
> to mess with Cyrus SASL's config file for slapd(8).
> For further information regarding my suggestions,
> please see the Cyrus SASL documentation.

Yes, of course. Creating a file /usr/lib/sasl2/slapd.conf with a line

mech_list: digest-md5

should also do the trick.

-- 
	Andreas

References:
- SASL Authentication
  - From: "Ammar T. Al-Sayegh" <ammar@kunet.com>
- Re: SASL Authentication
  - From: Andreas Winkelmann <ml@awinkelmann.de>
- Re: SASL Authentication
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Client Problem
Next by Date: Re: back-sql performance problem workaround
Index(es):
- Chronological
- Thread