Great, thank you very much for the answer. So SASL, in regard to LDAP, 
would be the security authentication layer and is a good thing to get 
working. I'll give it another go!
I asked the question because I was having problems querying an ldap 
directory when sasl was enabled (had to use -x for simple authentication 
and bypass sasl) so wondered if it was something I could/should live 
without, or something I need to work at.

thank very much!!

Chris

Benjamin Smee wrote:

>lo,
>
>On Saturday 21 May 2005 11:32, Chris S wrote:
>  
>
>>any ideas?
>>
>>-c
>>
>>Chris S wrote:
>>    
>>
>>>Hi all,
>>>
>>>Quick (hopefully) question:
>>>If I'm setting up a server to authenticate everything via ldap, do I
>>>need sasl?
>>>      
>>>
>
>You don't NEED sasl for ldap related authentication at all. The issue is more 
>that a lot of things, eg cyrus / postfix can use sasl layers to talk to ldap, 
>eg cyrus-sasl provides saslauthd which is how cyrus would talk to your ldap 
>server for authentication / authorization information. This is also true of 
>ldap clients that can also use sasl to auth to the ldap server using mechs 
>like cram / digest.
>
>  
>
>>>I thought sasl, apart from being a security layer, was another db to
>>>hold users?
>>>      
>>>
>
>you are talking about sasldb which is indeed a db of users, but normally these 
>days more used for generating session stuff like cram / digest keys.
>
>  
>
>>>So if my users are in ldap, why would I need sasl also?
>>>
>>>Unless it's needed for secure authentication within ldap itself? ssl?
>>>      
>>>
>
>its not _needed_ but it can be useful. It just depends on your security model.
>
>b
>
>  
>
-- 
gentoo-server@g.o mailing list