I got this working for ldap server.
I can log into the openldap server using GSSAPI (-Y flag) and simple
bind (userPassword: {SASL}xxx@MY.DOMAIN) and it works ok by both
methods.
But for {SASL}xyz to work i had to write "pwcheck_method: saslauthd" into
/usr/local/lib/sasl2/slapd.conf.
Is it necessary to create configuration files for qmail (pop3,smtp,
...) inside /usr/local/lib/sasl2/ for each of qmail services ? Or what
i have done for slapd is enough?
Thank once more
Fried.
On Fri, Jul 1, 2011 at 9:04 AM, Hasse Hagen Johansen <h...@musikcheck.dk> wrote:
>>>>>> "Friedrich" == Friedrich Locke <friedrich.lo...@gmail.com> writes:
>
> Friedrich> By reading life with qmail, session "4.5 Fillling the
> Friedrich> Directory" the attribute userPassword is:
>
> Friedrich> userPassword: {MD5}X03MO1qnZdYdgyfeuILPmQ==
>
> Friedrich> I would not like this approach, because the user
> Friedrich> specified by the entry already have a password in
> Friedrich> kerberos. Is there a mean by which i could tell: "Hey,
> Friedrich> lookup for the password at xxxx.yyy.zzzz ?
>
> And now also to the list ;-)
>
> You can in the userPassword use {sasl}username to get it to ask the
> sasl service for authentication
>
> You have to configure sasl on the ldap server to ask the correct server
> for answer
>
> Best Regards
> Hasse Hagen Johansen
>
>
