| 1 |
Great, thank you very much for the answer. So SASL, in regard to LDAP, |
| 2 |
would be the security authentication layer and is a good thing to get |
| 3 |
working. I'll give it another go! |
| 4 |
I asked the question because I was having problems querying an ldap |
| 5 |
directory when sasl was enabled (had to use -x for simple authentication |
| 6 |
and bypass sasl) so wondered if it was something I could/should live |
| 7 |
without, or something I need to work at. |
| 8 |
|
| 9 |
thank very much!! |
| 10 |
|
| 11 |
Chris |
| 12 |
|
| 13 |
Benjamin Smee wrote: |
| 14 |
|
| 15 |
>lo, |
| 16 |
> |
| 17 |
>On Saturday 21 May 2005 11:32, Chris S wrote: |
| 18 |
> |
| 19 |
> |
| 20 |
>>any ideas? |
| 21 |
>> |
| 22 |
>>-c |
| 23 |
>> |
| 24 |
>>Chris S wrote: |
| 25 |
>> |
| 26 |
>> |
| 27 |
>>>Hi all, |
| 28 |
>>> |
| 29 |
>>>Quick (hopefully) question: |
| 30 |
>>>If I'm setting up a server to authenticate everything via ldap, do I |
| 31 |
>>>need sasl? |
| 32 |
>>> |
| 33 |
>>> |
| 34 |
> |
| 35 |
>You don't NEED sasl for ldap related authentication at all. The issue is more |
| 36 |
>that a lot of things, eg cyrus / postfix can use sasl layers to talk to ldap, |
| 37 |
>eg cyrus-sasl provides saslauthd which is how cyrus would talk to your ldap |
| 38 |
>server for authentication / authorization information. This is also true of |
| 39 |
>ldap clients that can also use sasl to auth to the ldap server using mechs |
| 40 |
>like cram / digest. |
| 41 |
> |
| 42 |
> |
| 43 |
> |
| 44 |
>>>I thought sasl, apart from being a security layer, was another db to |
| 45 |
>>>hold users? |
| 46 |
>>> |
| 47 |
>>> |
| 48 |
> |
| 49 |
>you are talking about sasldb which is indeed a db of users, but normally these |
| 50 |
>days more used for generating session stuff like cram / digest keys. |
| 51 |
> |
| 52 |
> |
| 53 |
> |
| 54 |
>>>So if my users are in ldap, why would I need sasl also? |
| 55 |
>>> |
| 56 |
>>>Unless it's needed for secure authentication within ldap itself? ssl? |
| 57 |
>>> |
| 58 |
>>> |
| 59 |
> |
| 60 |
>its not _needed_ but it can be useful. It just depends on your security model. |
| 61 |
> |
| 62 |
>b |
| 63 |
> |
| 64 |
> |
| 65 |
> |
| 66 |
-- |
| 67 |
gentoo-server@g.o mailing list |
Archives