>We use saslauthd (v2.1.26) to authenticate from LDAP to Kerberos.
I have to confess that I am a bit confused here ... you're going FROM
LDAP _to_ Kerberos? Like you're using LDAP to authenticate _to_ a
Kerberized service? I don't think that's actually possible.
If you're using saslauthd to verify a password against a Kerberos
service, okay, THAT is clearly possible. But if that's all you're
doing it's not clear to me that authetication exchange involves
LDAP at all (this would be if you are doing saslauthd -a kerberos5)
If you're looking up user information in LDAP, then going through
saslauthd to verify a password against Kerberos, then that's not
actually a saslauthd issue because any LDAP-related caching wouldn't
happen inside of saslauthd.
If you're using LDAP authentication in saslauthd (saslauthd -a ldap),
then it doesn't seem like saslauthd does any client-side caching from a
very brief look at the documentation for it.
If you're talking about the caching used in the Apache mod_ldap module,
then that DEFINITELY isn't a SASL issue at all, but it seems like there
is a way to query those hash table statistics using the URL:
http://servername/cache-info
According to the documentation for mod_ldap.
--Ken
------------------------------------------
Cyrus: SASL
Permalink: https://cyrus.topicbox.com/groups/sasl/Teadf3d5469b1dc72-M7d66d298c26dfc56fc338194
Delivery options: https://cyrus.topicbox.com/groups/sasl/subscription
