Re: Question regarding order of SASL authentication mechanisms

From: Dave McMurtrie (no email)
Date: Sat Dec 06 2008 - 14:01:01 EST

  • Next message: Markus Moeller: "Re: Question regarding order of SASL authentication mechanisms"

    Markus Moeller wrote:
    > I'd like to use for ldap bind GSSAPI as the first sasl authentication
    > mechanism and digest-md5 as the second preferred method (e.g. if the
    > client does not support GSSAPI)
    >
    > I have configured slapd with /etc/sash/slapd.conf that has gssapi before
    > digest-md5 (I assume the order is important, is it?).
    >
    > mech_list: gssapi digest-md5 cram-md5 external
    >
    > But despite the above order I get gssapi as the last in the list of
    > supportedsaslmechanisms

    ...snipped...

    > What do I need to do to force the order on the server?

    I believe the auth mechanisms are currently presented by the server in
    directory order. In other words, in whatever order they're returned
    when the server calls opendir(), then readdir() in the directory
    containing your different auth modules.

    You could force the server to present the auth mechanisms in a different
    order by mucking with the contents of that directory so they're listed
    in a different order.

    We ran into a problem with this recently, and Ken was working on a patch
    such that the server would present them in mech_list order. I don't
    know what the status of his work is on that.

    Thank you,

    Dave

    -- 
    Dave McMurtrie, SPE
    Email Systems Team Leader
    Carnegie Mellon University,
    Computing Services
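
The reordering described in the message above (presenting mechanisms in mech_list order instead of directory order), as an added example that is not part of the original message and is neither Cyrus SASL code nor the patch mentioned. `order_by_mech_list` is a hypothetical helper, the sample load order is constructed, and leaving out mechanisms that mech_list does not name is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive match of a mech_list token (tok, len) against a mechanism name. */
static int token_matches(const char *tok, size_t len, const char *mech)
{
    if (strlen(mech) != len) return 0;
    for (size_t i = 0; i < len; i++)
        if (tolower((unsigned char)tok[i]) != tolower((unsigned char)mech[i]))
            return 0;
    return 1;
}

/*
 * Hypothetical helper (not a Cyrus SASL function): copy the entries of found[]
 * (mechanisms in the order the plugins were discovered) into out[] in the order
 * their names appear in mech_list. out[] must have room for nfound entries.
 * Assumption: a mechanism that mech_list does not name is not offered.
 */
size_t order_by_mech_list(const char *mech_list, const char **found,
                          size_t nfound, const char **out)
{
    size_t nout = 0;
    const char *p = mech_list;

    while (*p) {
        p += strspn(p, " \t");              /* skip separators */
        size_t len = strcspn(p, " \t");     /* length of the next token */
        if (len == 0) break;                /* only trailing whitespace left */
        for (size_t i = 0; i < nfound; i++) {
            if (!token_matches(p, len, found[i])) continue;
            size_t j = 0;                   /* ignore a name listed twice */
            while (j < nout && out[j] != found[i]) j++;
            if (j == nout) out[nout++] = found[i];
        }
        p += len;
    }
    return nout;
}

int main(void)
{
    /* Constructed discovery order with GSSAPI near the end, as in the report. */
    const char *found[] = { "DIGEST-MD5", "CRAM-MD5", "EXTERNAL", "GSSAPI", "PLAIN" };
    const char *out[5];
    size_t n = order_by_mech_list("gssapi digest-md5 cram-md5 external", found, 5, out);
    for (size_t i = 0; i < n; i++) printf("%s%s", out[i], i + 1 < n ? " " : "\n");
    return 0;
}
```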
    
