On Fri, 7 Nov 2003, Craig Ringer wrote:

> > * Getting sasl to use an auxprop method that calls an LDAP server is
> >   possible, but tricky. Various patches exist, but are non trivial
> >   to install and configure.
>
> OK, I may be totally wrong here but I thought LDAP authentication was
> normally done by logging in to the LDAP server with the user's name and
> password. As such, you shouldn't have permission to read the user's
> password off the LDAP server. I guess you could add a user 'cyrus' to
> the LDAP server with permission to read passwords if you wanted to use
> digest authentication types, though.

There are many different ways to use LDAP to enable authentication.
Binding with the user's password is only one such way.

> > * Not bother with digest authentication at all for now
>
> I'd love to use it personally. I have concerns about giving read access
> to passwords to anything, though. Does anybody here have an opinion on
> kerberizing the network so that slapd, cyrus etc just use kerberos?

It's how CMU has been doing it since almost day one ;)

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper