Great, thank you very much for the answer. So SASL, in regard to LDAP,
would be the security authentication layer and is a good thing to get
working. I'll give it another go!
I asked the question because I was having problems querying an ldap
directory when sasl was enabled (had to use -x for simple authentication
and bypass sasl) so wondered if it was something I could/should live
without, or something I need to work at.
thank very much!!
Chris
Benjamin Smee wrote:
lo,
On Saturday 21 May 2005 11:32, Chris S wrote:
any ideas?
-c
Chris S wrote:
Hi all,
Quick (hopefully) question:
If I'm setting up a server to authenticate everything via ldap, do I
need sasl?
You don't NEED sasl for ldap related authentication at all. The issue is more
that a lot of things, eg cyrus / postfix can use sasl layers to talk to ldap,
eg cyrus-sasl provides saslauthd which is how cyrus would talk to your ldap
server for authentication / authorization information. This is also true of
ldap clients that can also use sasl to auth to the ldap server using mechs
like cram / digest.
I thought sasl, apart from being a security layer, was another db to
hold users?
you are talking about sasldb which is indeed a db of users, but normally these
days more used for generating session stuff like cram / digest keys.
So if my users are in ldap, why would I need sasl also?
Unless it's needed for secure authentication within ldap itself? ssl?
its not _needed_ but it can be useful. It just depends on your security model.
b
--
[email protected] mailing list
