Re: SASL re-entrancy crisis (was: OpenLDAP 2.0.x + pam_ldap + cyrus-imapd-2.0.x)

[Ken Murchison]

David Wright wrote:
> 
> Please educate me, I do not understand.
> 
>  > Please use pwcheck.  Your problems will go away.
> 
> The pwcheck distributed with cyrus-sasl is not useful to me. My users
> are not in /etc/passwd -- they are ONLY in an LDAP database. Even a
> pwcheck daemon that uses LDAP is only useful to me <if> it does LDAP-SSL
> -- I need password traffic encyrpted over the network. pam_ldap does
> this nicely, so any pwcheck daemon that did all this would basically be
> re-implementing the functionality of pam_ldap. Can you kindly point me
> to a pwcheck daemon that just calls PAM?

Grab SASL v1.5.27 from ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/BETA/ (or
better yet grab the latest CVS) and use saslauthd.  Use your pam_ldap
module until you're blue in the face, and because it is a separate
process you *shouldn't* have any reentry problems.  saslauthd is
supposedly the replacement for pwcheck and will be mandatory in SASL v2.

Ken
-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp