Re: SASL re-entrancy crisis (was: OpenLDAP 2.0.x + pam_ldap + cyrus-imapd-2.0.x)

[mills]

David Wright writes:
>
>The pwcheck distributed with cyrus-sasl is not useful to me. My users 
>are not in /etc/passwd -- they are ONLY in an LDAP database. Even a 
>pwcheck daemon that uses LDAP is only useful to me <if> it does LDAP-SSL 
>-- I need password traffic encyrpted over the network. pam_ldap does 
>this nicely, so any pwcheck daemon that did all this would basically be 
>re-implementing the functionality of pam_ldap. Can you kindly point me 
>to a pwcheck daemon that just calls PAM?

The one in cyrus-sasl-1.5.27 does this, and works quite nicely.
It's now called saslauthd.  I got mine from:

        ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/

I must mention, though, that it's only used to validate plain text
passwords.  Encrypted passwords are still stored in sasldb, a local
database, and so cannot be networked.  I hope that future versions
of SASL will overcome this limitation.


-- 
-Gary Mills-    -Unix Support-    -U of M Academic Computing and Networking-