| 1 |
lo, |
| 2 |
|
| 3 |
On Saturday 21 May 2005 11:32, Chris S wrote: |
| 4 |
> any ideas? |
| 5 |
> |
| 6 |
> -c |
| 7 |
> |
| 8 |
> Chris S wrote: |
| 9 |
> > Hi all, |
| 10 |
> > |
| 11 |
> > Quick (hopefully) question: |
| 12 |
> > If I'm setting up a server to authenticate everything via ldap, do I |
| 13 |
> > need sasl? |
| 14 |
|
| 15 |
You don't NEED sasl for ldap related authentication at all. The issue is more |
| 16 |
that a lot of things, eg cyrus / postfix can use sasl layers to talk to ldap, |
| 17 |
eg cyrus-sasl provides saslauthd which is how cyrus would talk to your ldap |
| 18 |
server for authentication / authorization information. This is also true of |
| 19 |
ldap clients that can also use sasl to auth to the ldap server using mechs |
| 20 |
like cram / digest. |
| 21 |
|
| 22 |
> > I thought sasl, apart from being a security layer, was another db to |
| 23 |
> > hold users? |
| 24 |
|
| 25 |
you are talking about sasldb which is indeed a db of users, but normally these |
| 26 |
days more used for generating session stuff like cram / digest keys. |
| 27 |
|
| 28 |
> > So if my users are in ldap, why would I need sasl also? |
| 29 |
> > |
| 30 |
> > Unless it's needed for secure authentication within ldap itself? ssl? |
| 31 |
|
| 32 |
its not _needed_ but it can be useful. It just depends on your security model. |
| 33 |
|
| 34 |
b |
| 35 |
|
| 36 |
-- |
| 37 |
Benjamin Smee (strerror) |
| 38 |
497F 5E98 1FA0 C313 EA0B 08C7 004A 66ED 448B E78C |
Archives