lo,

On Saturday 21 May 2005 11:32, Chris S wrote:
> any ideas?
>
> -c
>
> Chris S wrote:
> > Hi all,
> >
> > Quick (hopefully) question:
> > If I'm setting up a server to authenticate everything via ldap, do I
> > need sasl?

You don't NEED sasl for ldap related authentication at all. The issue is more 
that a lot of things, eg cyrus / postfix can use sasl layers to talk to ldap, 
eg cyrus-sasl provides saslauthd which is how cyrus would talk to your ldap 
server for authentication / authorization information. This is also true of 
ldap clients that can also use sasl to auth to the ldap server using mechs 
like cram / digest.

> > I thought sasl, apart from being a security layer, was another db to
> > hold users?

you are talking about sasldb which is indeed a db of users, but normally these 
days more used for generating session stuff like cram / digest keys.

> > So if my users are in ldap, why would I need sasl also?
> >
> > Unless it's needed for secure authentication within ldap itself? ssl?

its not _needed_ but it can be useful. It just depends on your security model.

b

-- 
Benjamin Smee (strerror)
497F 5E98 1FA0 C313 EA0B 08C7 004A 66ED 448B E78C