[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL mechanisms

On 2/20/06 11:36 AM, Andreas Hasenack wrote:
On Mon, Feb 20, 2006 at 09:33:46AM -0500, Francis Swasey wrote:
Having been bitten by someone installing a SASL mechanism on a server that also is one of my LDAP servers which was not configured (it happened to be Red Hat decided this mechanism is required to have sendmail on the system, but it could have been another sys admin).. I am wondering why we have to play with "sasl-secprops" to tell slapd what types of mechanisms are not wanted.

Is there a problem with providing a "sasl-mechanisms" config option that would list (GSSAPI, CRAM-MD5, etc) the specific mechanisms we wanted to support?

That's a SASL configuration. Try creating this file: /usr/lib/sasl2/slapd.conf pwcheck_method: auxprop mech_list: DIGEST-MD5 CRAM-MD5

List the SASL mechanisms you want slapd to offer. If you intend to offer
plain text mechanisms, then you will also have to use "sasl-secprops
none" in slapd.conf.

Ahha! I was looking in the wrong place... Thanks!

Frank Swasey                    | http://www.uvm.edu/~fcs
Sr Systems Administrator        | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
  "I am not young enough to know everything." - Oscar Wilde (1854-1900)