
Re: SASL Authentication



On Tuesday, 21 September 2004 00:17, Ammar T. Al-Sayegh wrote:

> > There is a long list of libs in /usr/lib/sasl2.
> > Which one should I delete?
>
> Now I realize that it will check methods according
> to listed libs in certain order. Since I had previous
> installation of sasl2, the old libs were there even
> though I have the --disable option. So I deleted the
> whole /usr/lib/sasl2 directory and recompiled. Now
> I get SASL/DIGEST-MD5 as default.
>
> New problem though, the authentication is failing for
> root:
>
> # ldapwhoami -U root
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Internal
>         (implementation specific) error (80)
>             additional info: SASL(-13):
>                 user not found: no secret in database
>
> But I started saslauthd as:
>
>     saslauthd -a shadow

Oops, saslauthd does not work with digest-md5 or cram-md5. Cyrus-SASL has a 
feature to fall back to an auxprop plugin if a shared-secret mechanism like 
digest-md5 is selected. I would guess it looks in sasldb for the user "root".

You didn't tell us that you want to use saslauthd.

But, why do you want to use saslauthd? Use Howard's ldapdb Auxprop Plugin, 
instead.

> and root does exist in the shadow file. So why does it
> think that it doesn't exist?
>
> I'm moving from shadow to ldap, but I wanted to verify
> with shadow first before I migrate to ldap.

Another thing, if you want to use shared-secret mechanisms: Cyrus-SASL needs 
the plaintext password. Something out of shadow does not work.

-- 
	Andreas
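
Added example, not part of the original message and not Cyrus-SASL code: a Python sketch of the DIGEST-MD5 response calculation from RFC 2831 (qop=auth, no authzid), showing why the server has to obtain the cleartext password and why a crypt-style shadow entry cannot stand in for it. The realm, nonces, digest-uri, password and the fake shadow string are constructed sample values, and `server_verify` and the two stores are hypothetical stand-ins for the auxprop lookup.

```python
import hashlib
import hmac

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def digest_md5_response(user, realm, password, nonce, cnonce, nc, digest_uri):
    """DIGEST-MD5 response value per RFC 2831 2.1.2.1 (qop=auth, no authzid)."""
    # A1 starts from MD5(user:realm:password): the cleartext password is an input.
    a1 = md5(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    ha1 = md5(a1).hex()
    ha2 = md5(f"AUTHENTICATE:{digest_uri}".encode()).hex()
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode()).hex()

def server_verify(lookup_secret, user, client_response, **params):
    """Hypothetical server side: it must fetch a secret to recompute the response."""
    secret = lookup_secret(user)
    if secret is None:
        # Same situation as the "no secret in database" error quoted in the thread.
        return "no secret in database"
    expected = digest_md5_response(user=user, password=secret, **params)
    return "ok" if hmac.compare_digest(expected, client_response) else "bad response"

# Constructed sample data (not from the original thread).
PARAMS = dict(realm="example.com", nonce="c2VydmVyLW5vbmNl",
              cnonce="Y2xpZW50LW5vbmNl", nc="00000001",
              digest_uri="ldap/ldap.example.com")
PLAINTEXT_STORE = {"root": "constructed-password"}  # what an auxprop plugin returns
SHADOW_STORE = {"root": "$1$saltsalt$constructedhashvalue00000"}  # fake crypt entry

def run_demo():
    # The client only ever sends this digest, never the password itself.
    response = digest_md5_response("root", password="constructed-password", **PARAMS)
    return {
        "auxprop with plaintext": server_verify(PLAINTEXT_STORE.get, "root", response, **PARAMS),
        "shadow hash as secret": server_verify(SHADOW_STORE.get, "root", response, **PARAMS),
        "no auxprop entry": server_verify({}.get, "root", response, **PARAMS),
    }

if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case}: {result}")
```

saslauthd can only check a plaintext password handed to it, which the client never sends in DIGEST-MD5, so the lookup has to come from an auxprop source that holds the cleartext secret.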