| 1 |
Benjamin Smee wrote: |
| 2 |
>>Chris S wrote: |
| 3 |
>> |
| 4 |
>>>Hi all, |
| 5 |
>>> |
| 6 |
>>>Quick (hopefully) question: |
| 7 |
>>>If I'm setting up a server to authenticate everything via ldap, do I |
| 8 |
>>>need sasl? |
| 9 |
Yes |
| 10 |
> |
| 11 |
> |
| 12 |
> You don't NEED sasl for ldap related authentication at all. The issue is more |
| 13 |
> that a lot of things, eg cyrus / postfix can use sasl layers to talk to ldap, |
| 14 |
> eg cyrus-sasl provides saslauthd which is how cyrus would talk to your ldap |
| 15 |
> server for authentication / authorization information. This is also true of |
| 16 |
> ldap clients that can also use sasl to auth to the ldap server using mechs |
| 17 |
> like cram / digest. |
| 18 |
This is very theoretical. As a matter of fact you will not be able to |
| 19 |
build openldap without SASL and AFAIK it's part of the LDAPv3 spec |
| 20 |
(digest-md5 or cram-md5). |
| 21 |
> |
| 22 |
> |
| 23 |
>>>I thought sasl, apart from being a security layer, was another db to |
| 24 |
>>>hold users? |
| 25 |
It's mostly a security layer and apart from the security layer plugins |
| 26 |
you'll have some for persistent storage like mysql, ldap and sasldb. It |
| 27 |
wouldn't make much sense without storing passwords somewhere right? |
| 28 |
|
| 29 |
|
| 30 |
cheers |
| 31 |
Paul |
| 32 |
-- |
| 33 |
gentoo-server@g.o mailing list |
Archives