On 04/09/09 10:34 +0000, Emmanuel Dreyfus wrote:
> - OTP stuff is stored in SASL auxprop cmusaslsecretOTP, which can be
> stored in sasldb or in LDAP.

Correct. Your Cyrus SASL libraries will need to be compiled without the
--with-opie option (which is the default on at least Debian).

> - If I install the Cyrus ldapDB plugin and add a sasl2/saslpasswd.conf,
> it seems I can tell saslpasswd2 to write to the directory:
> ldapdb_uri: ldaps://ldap.example.com
>
> I have not fully investigated, but it seems the thing cannot prompt
> for credentials: DN/password must be stored in saslpasswd.conf, which
> makes multiuser utilization troublesome.

Are you asking how to provide the ldap credentials to update openldap?
You can insert the appropriate SASL credentials into your saslpasswd2.conf
file. A simple bind will not work. The options are documented in
/doc/options.html within the cyrus sasl source tarball.

I prefer using the EXTERNAL mechanism since I'm always changing passwords
on the same host that openldap is on, but any mechanism should be valid
(e.g. DIGEST-MD5). For reference, I have:

$ cat /usr/lib/sasl2/password.conf
auxprop_plugin: ldapdb
ldapdb_uri: ldapi:///
ldapdb_mech: EXTERNAL

> - And my last problem is to generate OTP. setkey(1) does not seem
> to produce something acceptable by SASL OTP. I have to investigate
> further.

'otp-md5' from opie will generate otp responses, but it requires your
shared secret to be at least 10 characters (which Cyrus SASL does not
require).

-- 
Dan White
BTC Broadband
Ph 918.366.0248 (direct)
main: (918)366-8000
Fax 918.366.6610
email: [email protected]
http://www.btcbroadband.com
