Roberto C. Sanchez wrote:
On Tue, Jan 30, 2007 at 05:04:48PM +0000, Rakotomandimby Mihamina wrote:Hi,I am using Testing, and I want to setup the debian way an LDAP + pam authentication system for system users.Would you know a recent howto talking about that? I dont need generic howto, I am interested in the debian specific way.Do you need to configure just the client, just the server, or both? Regards, -Roberto
Hmmm.... maybe if I reply with something helpful I can also piggy-back a question of my own? }:)
I was messing around with exactly the same thing a while ago, and this was the best How-To I found. It is for Sarge, but that didn't seem to matter. As much as I sing the praises of this one, it wasn't perfect. I seem to recall using several How-To's because none of them seemed to have all the answers.
http://www.moduli.net/pages/sarge-ldap-auth-howto Now here's my question:I never could figure out the #### SASL stuff. I didn't even get the concept. I thought I did several times, then I'd read something else and it wouldn't make sense again. So let's try this slowly.... =)
The LDAP client usually just sends all data (passwords included!) in the clear to the LDAP server. This is bad. SASL encrypts all the communication between the client and server.
Okay, now if I've at least got that much right....1) How do I make the client and server use SASL? I was forever at a loss on this. Never could find a How-To for it or anything. (Every How-To I found on LDAP started off with something to the effect of "SASL is beyond the scope of this document" =P )
2) Once I've enabled SASL (enabled? Is that even the right term?) how can I see if it's working?
Thanks, and I hope I'm not developing an irritating habit of thread hi-jacking, =)
- GM -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.432 / Virus Database: 268.17.28/672 - Release Date: 2/6/2007 10:22 AM