Re: OpenLDAP as a SASL backend
On Monday 05 November 2007 13:20:04 Zohar Lev Shani wrote:
I understand now why I cannot put hashed userPassword when I use
SASL. But,
does it mean that the ONLY place where I can use hashed passwords for
authentication is the rootpw directive in slapd.conf, or, there are more
sensible use cases where it can be used?
Uh, well, if you want to use SASL mechanisms that require a shared secret,
obviously: no. If you want to use simple binds, then you can use a hashed
userPassword. If you want to use other SASL mechanisms that support encrypted
keys, mutual 3rd-party authentication - then you're not going to use
userPassword at all ...
Regards,
Buchan