Howard Chu wrote:
saslid - ignored unless you set usesasl. If you enable sasl without setting a saslid, it's possible for some arbitrary ID to be configured. But again, without a password, such a setting is usually useless. If you're using a mech like GSSAPI or EXTERNAL that doesn't use passwords, it may connect successfully, with that ID's privileges. Whether the ID can see the relevant info that pam/nss needs would determine what happens next.
The version of nss_ldap I'm looking at has GSSAPI hardcoded, so much of this is moot. You'll have to configure a credential cache, and ldap.conf can't provide that.
sasl_secprops - it would be possible to specify weaker props if this value is not set.
The worst you could do is turn off the security layer, which nss_ldap turns off by default anyway.
--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/