On 04/09/09 10:34 +0000, Emmanuel Dreyfus wrote:
> - OTP stuff is stored in SASL auxprop cmusaslsecretOTP, which can be
> stored in sasldb or in LDAP.
Correct. Your Cyrus SASL libraries will need to be compiled without the --with-opie option (which is the default on at least Debian).
> - If I install the Cyrus ldapdb plugin and add a sasl2/saslpasswd.conf,
> it seems I can tell saslpasswd2 to write to the directory:
>
> ldapdb_uri: ldaps://ldap.example.com
>
> I have not fully investigated, but it seems the thing cannot prompt for credentials: DN/password must be stored in saslpasswd.conf, which makes multiuser utilization troublesome.
Are you asking how to provide the ldap credentials to update openldap?
You can insert the appropriate SASL credentials into your saslpasswd2.conf file. A simple bind will not work. The options are documented in /doc/options.html within the cyrus sasl source tarball.
I prefer using the EXTERNAL mechanism since I'm always changing passwords on the same host that openldap is on, but any mechanism should be valid (e.g. DIGEST-MD5).
For reference, I have:
$ cat /usr/lib/sasl2/password.conf
auxprop_plugin: ldapdb
ldapdb_uri: ldapi:///
ldapdb_mech: EXTERNAL
> - And my last problem is to generate OTP. setkey(1) does not seem
> to produce something acceptable by SASL OTP. I have to investigate further.
'otp-md5' from opie will generate otp responses, but it requires your shared secret to be at least 10 characters (which Cyrus SASL does not require).
--
Dan White
BTC Broadband
Ph 918.366.0248 (direct) main: (918)366-8000
Fax 918.366.6610
email: dwhite@olp.net
http://www.btcbroadband.com
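The response computation that otp-md5 performs and that the Cyrus SASL OTP mechanism verifies is the RFC 2289 MD5 scheme; the following is an added Python example (not code from this thread, from Cyrus SASL or from opie) that computes the hex form of a response from a challenge in the RFC 2444 format the server sends. The checks at the bottom use the RFC 2289 MD5 test vectors; the 10-character minimum is applied only when a flag that mimics opie's behaviour is set.

```python
import hashlib


def _fold(digest: bytes) -> bytes:
    """RFC 2289 folding for MD5: XOR the two 8-byte halves of the 16-byte digest."""
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:16]))


def otp_md5(seed: str, passphrase: str, count: int, opie_rules: bool = False) -> bytes:
    """Return the 64-bit one-time password for (seed, passphrase, count).

    opie_rules=True reproduces opie's extra constraint that the shared secret
    be at least 10 characters long; Cyrus SASL itself does not require this.
    """
    if opie_rules and len(passphrase) < 10:
        raise ValueError("opie requires a passphrase of at least 10 characters")
    # Initial step: the seed is lower-cased and concatenated with the passphrase.
    key = _fold(hashlib.md5((seed.lower() + passphrase).encode("ascii")).digest())
    # Each further iteration hashes and folds the previous 8-byte result.
    for _ in range(count):
        key = _fold(hashlib.md5(key).digest())
    return key


def parse_challenge(challenge: str):
    """Parse an RFC 2444 challenge such as 'otp-md5 499 ke1234 ext'."""
    fields = challenge.split()
    if len(fields) < 3 or not fields[0].startswith("otp-"):
        raise ValueError("not an OTP challenge: %r" % challenge)
    algorithm = fields[0][len("otp-"):]
    return algorithm, int(fields[1]), fields[2]


def otp_response(challenge: str, passphrase: str) -> str:
    """Build the 'hex:' response the client sends back for the given challenge."""
    algorithm, count, seed = parse_challenge(challenge)
    if algorithm != "md5":
        raise NotImplementedError("only otp-md5 is implemented here")
    return "hex:" + otp_md5(seed, passphrase, count).hex()


if __name__ == "__main__":
    # Constructed challenge using the RFC 2289 test seed and passphrase.
    print(otp_response("otp-md5 99 TeSt ext", "This is a test."))
```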