NetBSD-Users archive


Re: Using LDAP for auth against LINUX

Uwe Lienig wrote:
I was not able to verify TLS over ldap with openssl.

  openssl s_client -host ldap.server -port 389 -CApath /etc/openssl/CAcerts \


TLS support requires a special protocol routine over the unsecured TCP channel for a given service. You get this with -starttls <protocol>, but a quick look at the openssl man page does not list LDAP as supported.

I think most of the LDAP authentication, including certificate validation, is now
working. At this last step, enabling encryption, I've stopped my efforts since I'm
out of options to try. Maybe I've missed something in my configuration. I
thought about using ldap with sasl, but that would introduce a new configuration
file to be maintained. And last but not least, I'd like to understand why the PAM
mechanism is not working.

Hints are appreciated.

Two questions first:
- what's in your /etc/pam.d/saslauthd and saslauthd.conf?
- can you authenticate correctly with a dummy account using testsaslauthd?

Jean-Yves Migeon
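
The "special protocol routine" for LDAP is the StartTLS extended operation (OID 1.3.6.1.4.1.1466.20037, RFC 4511), sent in clear on port 389 before the TLS handshake. The following is an added example, not code from this thread: a Python check that performs that step by hand and then verifies the server certificate. The function names are hypothetical; the host, port and CA directory are the ones from the quoted openssl command.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

def tlv(tag, body):
    """Encode one BER element (short-form length; every body here is < 128 bytes)."""
    return bytes([tag, len(body)]) + body

def starttls_request(msgid=1):
    """LDAPMessage { messageID, [APPLICATION 23] ExtendedRequest { [0] requestName } }."""
    return tlv(0x30, tlv(0x02, bytes([msgid])) + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos), accepting short- and long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def starttls_result(data):
    """Extract resultCode from the ExtendedResponse; 0 means the server agreed."""
    tag, msg, _ = read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg)            # skip messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x78:                      # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse")
    tag, code, _ = read_tlv(op)
    if tag != 0x0A:                      # ENUMERATED resultCode comes first
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")

def check_ldap_starttls(host, port=389, capath=None):
    """Upgrade a plain LDAP connection to TLS and verify chain and hostname."""
    ctx = ssl.create_default_context(capath=capath)
    with socket.create_connection((host, port), timeout=10) as raw:
        raw.sendall(starttls_request())
        code = starttls_result(raw.recv(4096))  # reply is a few bytes; one read suffices
        if code != 0:
            raise RuntimeError(f"StartTLS refused, resultCode={code}")
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]

if __name__ == "__main__":
    # Host, port and CA directory taken from the quoted openssl command.
    print(check_ldap_starttls("ldap.server", 389, "/etc/openssl/CAcerts"))
```

As with openssl's -CApath, `capath` expects a directory of hash-named CA certificates. A certificate or hostname mismatch surfaces as `ssl.SSLCertVerificationError`, which separates a trust problem from a server that refuses StartTLS.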
