Norbert Klasen
Thu, 26 Oct 2006 14:03:35 -0700
Why don't you just remove the SASL mechanisms you don't want? The SASL/EXTERNAL will always be thereDoes not look like that - if I set "sasl-secprops noanonymous,noplain,noactive" then heimdal-kdc, which uses SASL/EXTERNAL over slapi fails to connect (removing 'noactive' solves that).
Rather then removing the mechanism libraries from your system, you can just limit the available mechanisms for your application, by setting
mech_list: GSSAPI EXTERNALin your sasl configuration file for slapd (likely /usr/lib/sasl2/slapd.conf).
-- Norbert