Cyrus SASL and LDAP and CRAM-MD5 and DIGEST-MD5...
Dan White
dwhite at olp.net
Sat Jun 21 14:13:39 EDT 2008
Pascal Gienger wrote:
> Dan White <dwhite at olp.net> wrote:
>> Some suggestions: In the case sasl requests an attribute from your
>> auxprop store that doesn't match the configured userPassword attribute,
>> go ahead and pass it up. I'm getting this error while attempting an OTP
>> authentication (IMAP):
>>
>> giengerldap skip property: *cmusaslsecretOTP
>
> Your OTPs are stored in sasldb, right?
>
Actually I'm currently storing all auxprop attributes in LDAP via
ldapdb. See:

http://tools.ietf.org/html/draft-melnikov-sasl-auxprop-attrs-00

for a schema I include in my LDAP server. Currently, I only use
userPassword and cmusaslsecretOTP in my environment.

I set userPasswords and OTP secrets via a command like this:

    echo mysecret | /usr/sbin/saslpasswd2 -a btc user@example.net

where the contents of /usr/lib/sasl2/btc.conf are:

    auxprop_plugin: ldapdb
    ldapdb_uri: ldap://ldap.example.net
    ldapdb_mech: GSSAPI
    ldapdb_pw_method: exop

- Dan