1 |
Benjamin Smee wrote: |
2 |
>>Chris S wrote: |
3 |
>> |
4 |
>>>Hi all, |
5 |
>>> |
6 |
>>>Quick (hopefully) question: |
7 |
>>>If I'm setting up a server to authenticate everything via ldap, do I |
8 |
>>>need sasl? |
9 |
Yes |
10 |
> |
11 |
> |
12 |
> You don't NEED sasl for ldap related authentication at all. The issue is more |
13 |
> that a lot of things, eg cyrus / postfix can use sasl layers to talk to ldap, |
14 |
> eg cyrus-sasl provides saslauthd which is how cyrus would talk to your ldap |
15 |
> server for authentication / authorization information. This is also true of |
16 |
> ldap clients that can also use sasl to auth to the ldap server using mechs |
17 |
> like cram / digest. |
18 |
This is very theoretical. As a matter of fact you will not be able to |
19 |
build openldap without SASL and AFAIK it's part of the LDAPv3 spec |
20 |
(digest-md5 or cram-md5). |
21 |
> |
22 |
> |
23 |
>>>I thought sasl, apart from being a security layer, was another db to |
24 |
>>>hold users? |
25 |
It's mostly a security layer and apart from the security layer plugins |
26 |
you'll have some for persistent storage like mysql, ldap and sasldb. It |
27 |
wouldn't make much sense without storing passwords somewhere right? |
28 |
|
29 |
|
30 |
cheers |
31 |
Paul |
32 |
-- |
33 |
gentoo-server@g.o mailing list |