On Wed, 5 Mar 2003, Howard Chu wrote:

> I suggest you ditch OpenLDAP 2.0.27 and update to the latest 2.1 release.
> Then you ditch saslauthd & PAM and have SASL authenticate directly against
> LDAP. Note that OpenLDAP 2.0.X does not work with Cyrus SASL 2.1.x anyway, so
> you need OpenLDAP 2.1 if you're already using SASL 2.1.

Just to clarify, does the last sentence refer to OpenLDAP authenticating against SASL or SASL authenticating against OpenLDAP? Like others on the list I've got SASL 2.1.10 authing quite happily to OpenLDAP 2.0.27 via saslauthd, so I assume you mean the former. This may be where the confusion is arising.

> There are a number of advantages to using this approach over any other one:
> saslauthd only supports plaintext login, and plaintext logins are
> inherently insecure.

Unless you're using (only) TLS, in which case they seem to be a _lot_ simpler to set up from scratch than some of the other mechanisms (judging by the frequent requests for help I see on the SASL list). Of course, if you can't enforce strong transport-layer encryption then your point stands.

-- 
Simon Brady                             mailto:[EMAIL PROTECTED]
ITS Technical Services
University of Otago, Dunedin, New Zealand