[389-users] SASL auth problem on bind with Mac OS X 10.4

Rich Megginson rmeggins at redhat.com
Wed May 19 16:36:06 UTC 2010


Roland Schwingel wrote:
>
> Hi....
>
> > Is the ldap server configured for sasl? it would seem that the osx
> > client tries with sasl and only sasl when that does not work it unbinds
> > and does not try simple bind, it may see that the ldap server is showing
> > sasl as an available authentication method but it is not really
> > available, can you exec login into it?
> As I found no other way to test it I moved away my libcrammd5.so on my
> 389ds box and restarted dirsrv. CRAM-MD5 was no longer in the list of
> supported methods.
>
> I rebooted also my mac. My mac no longer issues a CRAM-MD5 SASL bind
> that is the good news, but it does not switch over to a simple bind using
> a binddn. It just does no bind anymore. What a mess. 
So the mac finds that CRAM-MD5 is not available, and does nothing at all?

Note that Digest-MD5 requires that the directory server store the 
password in clear text.  This is because the directory server must use 
the clear text password to generate the challenge for the client.  This 
prevents any clear text passwords from being sent across the wire, as is 
done with a regular simple DN and password BIND operation.
>
>
> Anyway:
> Maybe I haven't found it but an option to enable/disable certain SASL
> methods within 389ds would IMHO be good to have for other situations
> where you can come into these needs.
It's on the Roadmap - http://directory.fedoraproject.org/wiki/Roadmap
>
> Roland
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
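
The storage trade-off described in the reply, as an added example that is not part of the original message or of 389 Directory Server's code. It uses CRAM-MD5 (RFC 2195), the simpler of the two mechanisms named in the thread, and does not implement Digest-MD5. All function names, the user, the password, the salt and the challenge are constructed for illustration.

```python
import base64
import hashlib
import hmac

def ssha(password: bytes, salt: bytes) -> str:
    """Salted SHA-1 in the {SSHA} userPassword layout: base64(SHA1(pw+salt)+salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_simple_bind(stored: str, presented: bytes) -> bool:
    """Simple bind: the password arrives on the wire, so a hashed store is enough."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(digest, hashlib.sha1(presented + salt).digest())

def cram_md5_response(user: str, secret: bytes, challenge: bytes) -> str:
    """Client side of CRAM-MD5: user name, space, hex HMAC-MD5 keyed with the password."""
    mac = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return f"{user} {mac}"

def check_cram_md5(user: str, stored_secret: bytes, challenge: bytes, response: str) -> bool:
    """Server side: it must recompute the HMAC, so it needs the same secret as the client."""
    expected = cram_md5_response(user, stored_secret, challenge)
    return hmac.compare_digest(expected.encode(), response.encode())

def demo() -> dict:
    # Constructed sample values, not taken from the thread.
    user, password = "testuser", b"correct horse"
    challenge = b"<1234.5678@ds.example.com>"
    hashed = ssha(password, b"\x01\x02\x03\x04")
    response = cram_md5_response(user, password, challenge)
    return {
        # A hashed store can verify a simple bind.
        "simple_bind_hashed_store": check_simple_bind(hashed, password),
        # A clear text store can verify the challenge response.
        "cram_cleartext_store": check_cram_md5(user, password, challenge, response),
        # A hashed store cannot: the {SSHA} value is not the HMAC key the client used.
        "cram_hashed_store": check_cram_md5(user, hashed.encode(), challenge, response),
        # The password itself never appears in what the client sends.
        "password_in_response": password in response.encode(),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
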
