[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SASL Chaos?



On Saturday 09 November 2002 08:25 pm, Steve Langasek wrote:
> On Sat, Nov 09, 2002 at 07:42:22PM -0800, Ian Eure wrote:
> > > AFAIK, slapd will automatically use whatever SASL modules are installed
> > > if the client requests SASL authentication.  It Works For Me, without
> > > any additional configuration.
> >
> > FWIW, I haven't been able to get this working, either. I've installed
> > libsasl-modules-plain and libsasl-digestmd5-des. Whenever I try to use
> > SASL with OpenLDAP, I always get one of two errors:
> >
> > 'ldap_sasl_interactive_bind_s: Authentication method not supported'
> > (when I try to use DIGEST-MD5 or CRAM-MD5. Note that I also get a
> > 'SASL/{CRAM,DIGEST}-MD5 authentication started' message, which is absent
> > from the output with other mechanisms)
> > or
> > 'ldap_sasl_interactive_bind_s: Unknown authentication method'
> > (when try PLAIN, LOGIN, or ANONYMOUS)
> >
> > I checked slapd.conf(5), added 'sasl-secprops none' to
> > /etc/ldap/slapd.conf, and restarted slapd. It still doesn't work.
>
> Hmm, then I suspect the problem you're having is actually that you
> haven't configured the authentication database for these SASL modules
> (/etc/sasldb).  The only SASL mechanism I use is GSSAPI, so I'm not
> likely to be much help with the other mechs, but I do see a 'saslpasswd'
> command on my system which might have something to do with it all.
>
That's correct, but as I understand it, using the PLAIN mechanism 
authenticates via PAM (or /etc/passwd or /etc/shadow, if you prefer) - this 
is what I want, and should require no configuration of /etc/sasldb.

Besides which, the error I got claims that the authentication method isn't 
supported at all. If this is the error message for /etc/sasldb not being 
configured, a bug should certainly be filed.

-- 
COGITO EGGO SUM 
 I think; therefore I am a waffle. 



Reply to: