Kervin Pierre schrieb: > > Michael Bartosh wrote: > > > At 7:52 AM +0200 4/10/02, Birger Toedtmann wrote: > > > > In practice, most LDAP implementations don't have great authentication > > mechanisms without sasl. You can always use TLS, and probably should, > > anyway, but that's not the point. Keeping hashed password in the > > directory also means you have to cook up really creative ACL's. > > > > I'd rather configure a simple ACL than to go through the hell that is > SASL administration anyday.
At least SASL can be difficult to understand. What I'm looking for the "the big picture" of SASL, maybe in relation to PAM, Kerberos and what else. Does anyone have such a "big picture" to let people understand easier? -Simon > > For most applications, sasl is overkill. Check the openldap and > cyrus-imap lists for sasl related errors. They are the majority, and > that's only for the authentication system. With openldap utilities the > '-x' option, which skips sasl and does simple auth is quit popular, so > is the --without-sasl configure flag. > > In some configurations, sasl is quite useful, but I believe in the > majority sasl is just another difficult installation/maintainence hurdle. > > --Kervin > > -- > http://linuxquestions.org/ - Ask linux questions, give linux help. > http://splint.org/ - Write safe C code. splint source-code analyzer.
