From: "Douglas E. Engert" <deengert@anl.gov>
To: peter@devries.tv
Cc: autofs@linux.kernel.org
Subject: Re: Simple BINDS over SSL/TLS
Date: Thu, 03 May 2007 09:56:55 -0500
Message-ID: <4639F837.9030606@anl.gov>
In-Reply-To: <20070502153310.GF9348@cartman.devries.tv>



peter@devries.tv wrote:
> On Wed, May 02, 2007 at 11:19:39AM -0400, peter@devries.tv wrote:
>> I was wondering if it is possible for autofs to do simple binds over
>> TLS/SSL rather than having to do them over SASL.
> 
> This may not have been clear enough.  I want autofs to authenticate to
> the LDAP server as a user but without the use of SASL. 

Looking at autofs-4.1.4, it looks like it only does anonymous,
because it does not have a binddn or bindpw to use. It can use TLS,
if the ldap.conf it uses has something like:

  URI ldaps://your.ldap.server.name
  TLS_CACERTDIR path to ca certs

The ldap library could fill in a binddn from a ldaprc. It's the bindpw
that the ldap library will not fill in, and autofs does not have an
easy way to get it.

Speaking of SASL, the best I can tell is 4.1.4 does not support it
directly, but could with a patch to call

  ldap_sasl_interactive_bind_s

I had a working patch, but got sidetracked. Are there any plans
to add SASL support to autofs, such that it ends up in the Debian distribution?



> Thanks,
> Peter

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
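
As an added illustration (not part of the original message and not autofs code), the Python check below reads an ldap.conf like the one sketched in the message and reports settings that would leave a simple bind's password unprotected on the wire. The keywords are standard ldap.conf(5) options; the function names, the sample files and the /etc/ssl/certs path are constructed for this example.

```python
# Added example: audit an OpenLDAP client ldap.conf before relying on a simple bind.
WEAK_REQCERT = {"never", "allow", "try"}  # anything weaker than the default "demand"


def parse_ldap_conf(text):
    """Parse ldap.conf(5) text: 'KEYWORD value' lines, '#' comments, case-insensitive keywords."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        opts[fields[0].upper()] = fields[1].strip() if len(fields) == 2 else ""
    return opts


def audit_simple_bind(text):
    """Return findings that could expose a simple-bind password; an empty list means none."""
    opts = parse_ldap_conf(text)
    findings = []
    uris = opts.get("URI", "").split()
    if not uris:
        findings.append("URI: not set, so the transport is whatever the library defaults to")
    for uri in uris:
        scheme = uri.split("://", 1)[0].lower()
        if scheme == "ldap":
            findings.append(uri + ": ldap:// is cleartext unless the client issues StartTLS before binding")
        elif scheme not in ("ldaps", "ldapi"):
            findings.append(uri + ": unrecognised scheme")
    reqcert = opts.get("TLS_REQCERT", "demand").lower()
    if reqcert in WEAK_REQCERT:
        findings.append("TLS_REQCERT " + reqcert + ": server certificate is not strictly verified")
    if "TLS_CACERT" not in opts and "TLS_CACERTDIR" not in opts:
        findings.append("TLS_CACERT/TLS_CACERTDIR: no CA configured in this file")
    return findings


# Constructed sample configurations (hostname as in the message, CA path is a placeholder).
GOOD_CONF = """\
# constructed sample
URI ldaps://your.ldap.server.name
TLS_CACERTDIR /etc/ssl/certs
"""
WEAK_CONF = """\
uri ldap://your.ldap.server.name
TLS_REQCERT never
"""

if __name__ == "__main__":
    for name, conf in (("GOOD_CONF", GOOD_CONF), ("WEAK_CONF", WEAK_CONF)):
        print(name, audit_simple_bind(conf) or "no findings")
```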
