David Boreham wrote:
> alex at milivojevic.org wrote:
>
>> I don't have Fedora Directory Server installed (yet). However,
>> there's one
>> feature from OpenLDAP that is must-have before even attempting to
>> play with
>> FDS.
>>
>> In OpenLDAP, if I use string like "{SASL}username at REALM" as a value for
>> userPassword attribute, and have "pwcheck_method: saslauthd" in
>> /usr/lib/sasl2/slapd.conf, then OpenLDAP will use saslauthd to
>> authenticate the
>> user (passing it "username at REALM" and whatever password user
>> supplied). I've
>> read that FDS supports SASL, but does it support this feautre too?
>>
>>
> Nope.
>
> Is this a currently supported OpenLDAP feature ?
> I ask because I vaguely remember some feature like
> this being dropped on the basis that it was a stop-gap
> until real SASL support was implemented. But I may
> well be thinking of some similar but different feature.
>
> FDS does support SASL but I think you'd need to
> do some extra work to get it to work with the saslauthd
> plugin. GSSAPI and EXTERNAL are the only two
> 'officially' supported SASL mechanisms.
What problem are you trying to solve? Are you trying to authenticate
apps that cannot use LDAP SASL and must use LDAP Simple BIND, and use
your Kerberos password? Fedora DS has a pam_passthru plugin that might
help you with that. You can tell FDS to use PAM to authenticate the
user, and you can configure PAM to authenticate against Kerberos.
>
>
>
>
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3312 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20050628/985f9299/attachment.bin
