From: (no name) (no email)
Date: Sat Dec 08 2001 - 09:17:53 EST
Rob Siemborski schrieb am Fri, Dec 07, 2001 at 09:53:33PM -0500:
* saslauthd links the pam libraries just like libsasl used to in SASLv1.
*
* libsasl2 now connects to a unix domain socket, which saslauthd is
* listening to, presents the username and password, and saslauthd consults
* pam, and replies either yes or now. This is similar to how pwcheck works.
*
* To start saslauthd, you give it a password checking mechanism (e.g. pam or
* rimap or kerberos4 or shadow, such as:
*
* saslauthd -a shadow
I *strongly* recommend a change of saslauthd's man page.
Yesterday I migrated from SASL-1.5.27 to SASL-2.0.5-BETA and found it very
difficult to have my old LDAP-via-PAM authentication scheme survive this
transition.
As "getpwent" did not work either, I ended up in putting my small LDAP
userbase back up into the flat files and bring my services up working again
via "saslauthd -a shadow".
The saslauthd man page did not say *anything* about PAM so I did not try
that as an option. The methods mentioned there are
"sasldb", "dce", "getpwent", "kerberos4", "rimap", "shadow" and "sia".
It was only when I read this mail tread that I had a look at the sources
and saw that "pam" is also incorporated.
- Birger
|
|
|