Michael Bartosh wrote:
> At 7:52 AM +0200 4/10/02, Birger Toedtmann wrote:
>
> In practice, most LDAP implementations don't have great authentication
> mechanisms without sasl. You can always use TLS, and probably should,
> anyway, but that's not the point. Keeping hashed password in the
> directory also means you have to cook up really creative ACL's.
>
I'd rather configure a simple ACL than to go through the hell that is SASL administration any day. For most applications, sasl is overkill. Check the openldap and cyrus-imap lists for sasl related errors. They are the majority, and that's only for the authentication system. With openldap utilities the '-x' option, which skips sasl and does simple auth, is quite popular, so is the --without-sasl configure flag. In some configurations, sasl is quite useful, but I believe in the majority sasl is just another difficult installation/maintenance hurdle.

--Kervin

--
http://linuxquestions.org/ - Ask linux questions, give linux help.
http://splint.org/ - Write safe C code. splint source-code analyzer.