Following up my own question, I think I've found the right app name, but the 
settings are not being honoured.

I think "iDS" is the sasl app name:

    result = sasl_server_init(ids_sasl_callbacks, "iDS");

This seems to function correctly, as shown by strace:

    ...
    open("/usr/lib64/sasl2/iDS.conf", O_RDONLY) = 4
    fstat(4, {st_mode=S_IFREG|0644, st_size=30, ...}) = 0
    mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9147794000
    read(4, "mech_list: gssapi\n", 4096) = 18
    ...

The contents of the file are:

    mech_list: gssapi

However, the settings in that file do not seem to be honoured by 389:

    0000:  00 30 50 30 4e 04 17 73  75 70 70 6f 72 74 65 64   .0P0N..supported  
    0010:  53 41 53 4c 4d 65 63 68  61 6e 69 73 6d 73 31 33   SASLMechanisms13  
    0020:  04 08 45 58 54 45 52 4e  41 4c 04 0a 44 49 47 45   ..EXTERNAL..DIGE  
    0030:  53 54 2d 4d 44 35 04 06  47 53 53 41 50 49 04 08   ST-MD5..GSSAPI..  
    0040:  43 52 41 4d 2d 4d 44 35  04 09 41 4e 4f 4e 59 4d   CRAM-MD5..ANONYM  
    0050:  4f 55 53                                           OUS  

Any ideas what I could be missing?

Thanks,

Adam Bishop

On 19 Mar 2012, at 11:16, Adam Bishop wrote:

> Hello,
> 
> I'm trying to disable some SASL mechanisms (specifically EXTERNAL) as per the 
> RH documentation:
> 
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/disabling-sasl-mech.html
> 
> It seems that EXTERNAL is not provided by a plugin (as far as I can see?) so 
> I cannot use the first method, of relinking libraries.
> 
> I am now trying the second method (creating <appname>.conf with a mech_list), 
> but I am stuck on what to call the .conf file.
> 
> Having a quick look at the source code, the SASL appname is not obvious - 
> does anyone know what it is?
> 
> Thanks,
> 
> Adam Bishop
> 
> Janet is a trading name of The JNT Association, a company limited
> by guarantee which is registered in England under No. 2881024 
> and whose Registered Office is at Lumen House, Library Avenue,
> Harwell Oxford, Didcot, Oxfordshire. OX11 0SG
> 
> --
> 389 users mailing list
> [email protected]
> https://admin.fedoraproject.org/mailman/listinfo/389-users


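The comparison made in the message above can be done mechanically. The following is an added example, not part of the original thread or of 389 Directory Server: it decodes the BER attribute list from the posted dump and lists every advertised mechanism that the posted `mech_list` does not allow. The function names are hypothetical, and treating mechanism names as case-insensitive is an assumption.

```python
# Added example, not code from the thread; all function names are hypothetical.
# Bytes transcribed from the hex dump in the message (offsets 0x00-0x52).
DUMP = bytes.fromhex(
    "00 30 50 30 4e 04 17 73 75 70 70 6f 72 74 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 31 33"
    "04 08 45 58 54 45 52 4e 41 4c 04 0a 44 49 47 45 53 54 2d 4d 44 35 04 06 47 53 53 41 50 49 04 08"
    "43 52 41 4d 2d 4d 44 35 04 09 41 4e 4f 4e 59 4d 4f 55 53")
CONF = "mech_list: gssapi\n"   # contents of iDS.conf as shown in the message

def read_tlv(buf, pos):
    """Decode one definite-length BER TLV; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length not handled")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed value into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def advertised_mechs(attr_list):
    """attr_list: SEQUENCE OF SEQUENCE { type OCTET STRING, vals SET OF OCTET STRING }."""
    _, body, _ = read_tlv(attr_list, 0)
    for _, attr in children(body):
        (_, name), (_, vals) = children(attr)[:2]
        if name.lower() == b"supportedsaslmechanisms":
            return [v.decode("ascii") for _, v in children(vals)]
    return []

def not_honoured(attr_list, conf_text):
    """Advertised mechanisms absent from mech_list (case-insensitive: an assumption)."""
    allowed = None
    for line in conf_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "mech_list":
            allowed = {m.upper() for m in value.split()}
    if allowed is None:                    # no mech_list line: nothing is restricted
        return []
    return [m for m in advertised_mechs(attr_list) if m.upper() not in allowed]

print(not_honoured(DUMP[1:], CONF))        # DUMP[0] is the tail of the preceding field
```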