1 |
lo, |
2 |
|
3 |
On Saturday 21 May 2005 11:32, Chris S wrote: |
4 |
> any ideas? |
5 |
> |
6 |
> -c |
7 |
> |
8 |
> Chris S wrote: |
9 |
> > Hi all, |
10 |
> > |
11 |
> > Quick (hopefully) question: |
12 |
> > If I'm setting up a server to authenticate everything via ldap, do I |
13 |
> > need sasl? |
14 |
|
15 |
You don't NEED sasl for ldap related authentication at all. The issue is more |
16 |
that a lot of things, eg cyrus / postfix can use sasl layers to talk to ldap, |
17 |
eg cyrus-sasl provides saslauthd which is how cyrus would talk to your ldap |
18 |
server for authentication / authorization information. This is also true of |
19 |
ldap clients that can also use sasl to auth to the ldap server using mechs |
20 |
like cram / digest. |
21 |
|
22 |
> > I thought sasl, apart from being a security layer, was another db to |
23 |
> > hold users? |
24 |
|
25 |
you are talking about sasldb which is indeed a db of users, but normally these |
26 |
days more used for generating session stuff like cram / digest keys. |
27 |
|
28 |
> > So if my users are in ldap, why would I need sasl also? |
29 |
> > |
30 |
> > Unless it's needed for secure authentication within ldap itself? ssl? |
31 |
|
32 |
its not _needed_ but it can be useful. It just depends on your security model. |
33 |
|
34 |
b |
35 |
|
36 |
-- |
37 |
Benjamin Smee (strerror) |
38 |
497F 5E98 1FA0 C313 EA0B 08C7 004A 66ED 448B E78C |