26 Oct
2006
26 Oct
'06
10:40 p.m.
Why don't you just remove the SASL mechanisms you don't want? The SASL/EXTERNAL will always be there
Does not look like that - if I set "sasl-secprops noanonymous,noplain,noactive" then heimdal-kdc, which uses SASL/EXTERNAL over slapi fails to connect (removing 'noactive' solves that).
Rather then removing the mechanism libraries from your system, you can just limit the available mechanisms for your application, by setting mech_list: GSSAPI EXTERNAL in your sasl configuration file for slapd (likely /usr/lib/sasl2/slapd.conf).
--
Norbert