1 |
Great, thank you very much for the answer. So SASL, in regard to LDAP, |
2 |
would be the security authentication layer and is a good thing to get |
3 |
working. I'll give it another go! |
4 |
I asked the question because I was having problems querying an ldap |
5 |
directory when sasl was enabled (had to use -x for simple authentication |
6 |
and bypass sasl) so wondered if it was something I could/should live |
7 |
without, or something I need to work at. |
8 |
|
9 |
thank very much!! |
10 |
|
11 |
Chris |
12 |
|
13 |
Benjamin Smee wrote: |
14 |
|
15 |
>lo, |
16 |
> |
17 |
>On Saturday 21 May 2005 11:32, Chris S wrote: |
18 |
> |
19 |
> |
20 |
>>any ideas? |
21 |
>> |
22 |
>>-c |
23 |
>> |
24 |
>>Chris S wrote: |
25 |
>> |
26 |
>> |
27 |
>>>Hi all, |
28 |
>>> |
29 |
>>>Quick (hopefully) question: |
30 |
>>>If I'm setting up a server to authenticate everything via ldap, do I |
31 |
>>>need sasl? |
32 |
>>> |
33 |
>>> |
34 |
> |
35 |
>You don't NEED sasl for ldap related authentication at all. The issue is more |
36 |
>that a lot of things, eg cyrus / postfix can use sasl layers to talk to ldap, |
37 |
>eg cyrus-sasl provides saslauthd which is how cyrus would talk to your ldap |
38 |
>server for authentication / authorization information. This is also true of |
39 |
>ldap clients that can also use sasl to auth to the ldap server using mechs |
40 |
>like cram / digest. |
41 |
> |
42 |
> |
43 |
> |
44 |
>>>I thought sasl, apart from being a security layer, was another db to |
45 |
>>>hold users? |
46 |
>>> |
47 |
>>> |
48 |
> |
49 |
>you are talking about sasldb which is indeed a db of users, but normally these |
50 |
>days more used for generating session stuff like cram / digest keys. |
51 |
> |
52 |
> |
53 |
> |
54 |
>>>So if my users are in ldap, why would I need sasl also? |
55 |
>>> |
56 |
>>>Unless it's needed for secure authentication within ldap itself? ssl? |
57 |
>>> |
58 |
>>> |
59 |
> |
60 |
>its not _needed_ but it can be useful. It just depends on your security model. |
61 |
> |
62 |
>b |
63 |
> |
64 |
> |
65 |
> |
66 |
-- |
67 |
gentoo-server@g.o mailing list |