Re: SASL EXTERNAL Support

[Jakub Hrozek <jhrozek [at] redhat.com>]

On Mon, Apr 18, 2016 at 09:20:49AM -0400, Frank Crow wrote:
> OK, I'm sorry that I didn't realize that the PADL version is different from
> this one!   So then I have different questions.    Does this version
> support SASL EXTERNAL binding?  

I haven't tried it, but it looks like pam_sasl_mech should be what
you're looking for.

> And if so, how hard is it to replace the
> RHEL-6 version with this one?!

You'd need to compile it yourself, there are no prebuilt binaries AFAIK,
but then it's mostly a drop-in replacement (sans some more exotic
options..)

> 
> Thanks,
> Frank
> 
> 
> On Mon, Apr 18, 2016 at 5:40 AM, Jakub Hrozek <jhrozek@redhat.com> wrote:
> 
> > On Fri, Apr 15, 2016 at 10:07:12PM -0400, Frank Crow wrote:
> > > I'm using the pam_ldap (185-11) that comes with RHEL 6.7 which apparently
> > > does not support SASL EXTERNAL.    Does a later version include this
> > > support?
> >
> > RHEL-6 still uses PADL's pam_ldap FWIW, only RHEL-7 switched to
> > nss-pam-ldapd's pam_ldap.
> >
> > >
> > > I'm interested in maybe removing the RHEL version and installing a later
> > > version in order to support cert-based client identification via SASL
> > > EXTERNAL.
> > >
> > >
> > >
> > > Thanks,
> > >
> > > --
> > > Frank
> >
> > > --
> > > To unsubscribe send an email to
> > > nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
> > > http://lists.arthurdejong.org/nss-pam-ldapd-users/
> >
> > --
> > To unsubscribe send an email to
> > nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
> > http://lists.arthurdejong.org/nss-pam-ldapd-users/
> 
> 
> 
> 
> -- 
> Frank
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/