Addressing cyrus-sasl ldapdb circular build

Dan Nicholson dbn.lists at gmail.com
Tue Apr 25 23:14:37 PDT 2006


On 4/25/06, Alexander E. Patrakov <patrakov at ums.usu.ru> wrote:
>
> I don't feel it is important. It is just a low-priority suggestion to improve
> the text in the Wiki. Feel free to ignore it.

I'll put in my own usage for it, but it's by no means exhaustive. 
It's for postfix.  The actual configuration is much too complicated to
place there, but I'll but some pointers.

> I am not a SASL expert (I do run a LDAP server and connect to it using SASL
> authentication mechanisms, but I don't run saslauthd and thus have no use for
> LDAP support in Cyrus-SASL), so I cannot provide you with good text.

I want to use an auxprop plugin for a couple reason.  saslauthd only
authenticates in cleartext, but I can use cram-md5, digest-md5 or ntlm
(for Outlook) with an auxprop plugin.  Also, using an auxprop plugin
does not require another daemon (saslauthd) to run.  Applications can
use a plugin directly.

I'm not a sasl expert either.  This all comes from the Book of
Postfix.  Using ldapdb with an LDAP backend, I can get TLS encrypted
sessions from remote client all the way through authentication without
any cleartext passwords.

> Formally there is an _optional_ circular dependency. The text in the Wiki will
> benefit a bit if it explains when this circular dependency is indeed
> unavoidable. Otherwise, people will build that "just because it is possible".

I see what you're saying.  I can only present this one situation that
would make it interesting.  Hopefully that's enough.

--
Dan



More information about the blfs-dev mailing list