On Mon, 2008-06-30 at 09:48 +0700, Le Trung Kien wrote:
Hi everyone,
I have built up one server with Openldap, Cyrus SASL, MIT Kerberos V. Now, my server can authenticate users. In "Authentication Configuration", I set option information for LDAP server and Kerberos server. And I could login with accounts (Kerberos principals) which are created through Kerberos. And user information can be obtained from LDAP server. But it's seem to be only Openldap and Kerberos work with together. I can't figure out what the SASL role is in this strategy. And how it effects on my system. When I attempt setup phpldapadmin, I must configure SASL option, but I don't know how SASL works with LDAP in this strategy ?
-- Le Trung Kien.
Hi,
regarding your setup the SASL can be usefull to let your users authenticate to LDAP whith their kerberos password. the SASL actually glues the authentication (Kerberos) whith the authorization (LDAP).
how do your users authenticate to LDAP? do you have different passwords on LDAP accounts and on Kerberos principals? in you do, then your SASL glue (pass through authentication) is not set up properly.
M.