SASL EXTERNAL in smbldap.c
Guenther Deschner
gd at samba.org
Thu Oct 20 15:33:41 GMT 2005
Hi,
On Thu, Oct 20, 2005 at 05:49:21PM +1000, Andrew Bartlett wrote:
> On Thu, 2005-10-20 at 10:27 +0400, Alexey Lobanov wrote:
> > Hello all.
> >
> > On 20/10/05 01:46, Andrew Bartlett wrote:
> >
> > >>/* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite
> > >>(OpenLDAP) doesnt' seem to support it */
> > >>
> > >>
> > >>The questions are: who and when wrote it?
> > >
> > >
> > > A very, very long time ago.
> > >
> > >
> > >>And how to see this stuff
> > >>again? SASL EXTERNAL works fine in modern Linux-based systems, both
> > >>through Unix sockets (ldapi://) and through SSL (ldaps://).
> > >>
> > >>The aim is obvious: to remove plaintext administrative passwords from
> > >>any files...
> > >
> > >
> > > I would be happy to see this work. Even other SASL mechs if it were
> > > fairly easy to support.
> >
> > Actually, this "EXTERNAL" means "Do nothing; underlying socket level
> > will authenticate you". That is why it is worth implementing even without
> > other SASL mechs.
>
> Fully agreed. I use this in production with Heimdal - the only
> remaining issue is when we rebind to a master LDAP server, but if that's
> done correctly over SSL, then great.
>
> This is just something that hasn't been asked about much, and nobody has
> prepared a patch for.
Isn't there one already in the xad-oss tarball?
Cheers,
Guenther
--
Günther Deschner GPG-ID: 8EE11688
Novell / SUSE LINUX gd at suse.de
Samba Team gd at samba.org