* Simple BINDS over SSL/TLS @ 2007-05-02 15:19 peter 2007-05-02 15:33 ` peter 0 siblings, 1 reply; 10+ messages in thread From: peter @ 2007-05-02 15:19 UTC (permalink / raw) To: autofs I was wondering if it is possible for autofs to do simple binds over TLS/SSL rather than having to do them over SASL. Any input would be greatly appreciated. Peter ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Simple BINDS over SSL/TLS 2007-05-02 15:19 Simple BINDS over SSL/TLS peter @ 2007-05-02 15:33 ` peter 2007-05-03 0:47 ` Ian Kent 2007-05-03 14:56 ` Douglas E. Engert 0 siblings, 2 replies; 10+ messages in thread From: peter @ 2007-05-02 15:33 UTC (permalink / raw) To: autofs On Wed, May 02, 2007 at 11:19:39AM -0400, peter@devries.tv wrote: > I was wondering if it is possible for autofs to do simple binds over > TLS/SSL rather than having to do them over SASL. This may not have been clear enough. I want autofs to authenticate to the LDAP server as a user but without the use of SASL. Thanks, Peter ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Simple BINDS over SSL/TLS 2007-05-02 15:33 ` peter @ 2007-05-03 0:47 ` Ian Kent 2007-05-03 14:56 ` Douglas E. Engert 1 sibling, 0 replies; 10+ messages in thread From: Ian Kent @ 2007-05-03 0:47 UTC (permalink / raw) To: peter; +Cc: autofs On Wed, 2007-05-02 at 11:33 -0400, peter@devries.tv wrote: > On Wed, May 02, 2007 at 11:19:39AM -0400, peter@devries.tv wrote: > > I was wondering if it is possible for autofs to do simple binds over > > TLS/SSL rather than having to do them over SASL. > > This may not have been clear enough. I want autofs to authenticate to > the LDAP server as a user but without the use of SASL. Why don't you want to use SASL? Ian ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Simple BINDS over SSL/TLS 2007-05-02 15:33 ` peter 2007-05-03 0:47 ` Ian Kent @ 2007-05-03 14:56 ` Douglas E. Engert 2007-05-03 21:47 ` Jeff Moyer 2007-05-04 9:25 ` Ian Kent 1 sibling, 2 replies; 10+ messages in thread From: Douglas E. Engert @ 2007-05-03 14:56 UTC (permalink / raw) To: peter; +Cc: autofs peter@devries.tv wrote: > On Wed, May 02, 2007 at 11:19:39AM -0400, peter@devries.tv wrote: >> I was wondering if it is possible for autofs to do simple binds over >> TLS/SSL rather than having to do them over SASL. > > This may not have been clear enough. I want autofs to authenticate to > the LDAP server as a user but without the use of SASL. Looking at autofs-4.1.4, it looks like it only does anonymous, because it does not have a binddn or bindpw to use. It can use TLS, if the ldap.conf it uses has someting like: URI ldaps://your.ldap.server.name TLS_CACERTDIR path to ca certs The ldap library could fill in a binddn from a ldaprc, Its the bindpw that the ldap library will not fill in, and autofs does not have an easy way to get it. Speakinig of SASL, the best I can tell is 4.1.4 does not support it directly, but could with a patch to call ldap_sasl_interactive_bind_s I had a working patch, but got side tracked. Are there any plans to add SASL support to autofs, such that it ends up in Debian distribution? > Thanks, > Peter > > _______________________________________________ > autofs mailing list > autofs@linux.kernel.org > http://linux.kernel.org/mailman/listinfo/autofs > > -- Douglas E. Engert <DEEngert@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Simple BINDS over SSL/TLS 2007-05-03 14:56 ` Douglas E. Engert @ 2007-05-03 21:47 ` Jeff Moyer 2007-05-04 14:27 ` Douglas E. Engert 2007-05-04 9:25 ` Ian Kent 1 sibling, 1 reply; 10+ messages in thread From: Jeff Moyer @ 2007-05-03 21:47 UTC (permalink / raw) To: Douglas E. Engert; +Cc: autofs ==> On Thu, 03 May 2007 09:56:55 -0500, "Douglas E. Engert" <deengert@anl.gov> said: Douglas> I had a working patch, but got side tracked. Are there any Douglas> plans to add SASL support to autofs, such that it ends up in Douglas> Debian distribution? SASL support was introduced in autofs v5. Testing has been limited, since it seems no one uses it. -Jeff ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Simple BINDS over SSL/TLS 2007-05-03 21:47 ` Jeff Moyer @ 2007-05-04 14:27 ` Douglas E. Engert 2007-05-04 14:48 ` Jeff Moyer 0 siblings, 1 reply; 10+ messages in thread From: Douglas E. Engert @ 2007-05-04 14:27 UTC (permalink / raw) To: Jeff Moyer; +Cc: autofs Jeff Moyer wrote: > ==> On Thu, 03 May 2007 09:56:55 -0500, "Douglas E. Engert" <deengert@anl.gov> said: > > Douglas> I had a working patch, but got side tracked. Are there any > Douglas> plans to add SASL support to autofs, such that it ends up in > Douglas> Debian distribution? > > SASL support was introduced in autofs v5. Testing has been limited, > since it seems no one uses it. Great. I was looking at Debian, and using a Ubuntu system, that used 4.1.4 When v5 is stable, then we can look at it again. Is v5 in any of the RedHat distributions? > > -Jeff > > -- Douglas E. Engert <DEEngert@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Simple BINDS over SSL/TLS 2007-05-04 14:27 ` Douglas E. Engert @ 2007-05-04 14:48 ` Jeff Moyer 2007-05-04 16:19 ` Douglas E. Engert 0 siblings, 1 reply; 10+ messages in thread From: Jeff Moyer @ 2007-05-04 14:48 UTC (permalink / raw) To: Douglas E. Engert; +Cc: autofs ==> On Fri, 04 May 2007 09:27:13 -0500, "Douglas E. Engert" <deengert@anl.gov> said: Douglas> Jeff Moyer wrote: > ==> On Thu, 03 May 2007 09:56:55 -0500, Douglas> "Douglas E. Engert" <deengert@anl.gov> said: > Douglas> I had Douglas> a working patch, but got side tracked. Are there any > Douglas> Douglas> plans to add SASL support to autofs, such that it Douglas> ends up in > Douglas> Debian distribution? > SASL support Douglas> was introduced in autofs v5. Testing has been limited, > Douglas> since it seems no one uses it. Douglas> Great. I was looking at Debian, and using a Ubuntu system, Douglas> that used 4.1.4 When v5 is stable, then we can look at it Douglas> again. Is v5 in any of the RedHat distributions? I use v5 on my workstation, and have done so for at least a couple of months, now. We also ship it in several distributions, so let's call it stable. If you have evidence to the contrary, then please send us problem reports! It is available in RHEL 5, FC6, and will be shipping with F7 as well. -Jeff ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Simple BINDS over SSL/TLS 2007-05-04 14:48 ` Jeff Moyer @ 2007-05-04 16:19 ` Douglas E. Engert 2007-05-04 16:58 ` Ian Kent 0 siblings, 1 reply; 10+ messages in thread From: Douglas E. Engert @ 2007-05-04 16:19 UTC (permalink / raw) To: Jeff Moyer; +Cc: autofs Jeff Moyer wrote: > ==> On Fri, 04 May 2007 09:27:13 -0500, "Douglas E. Engert" <deengert@anl.gov> said: > > Douglas> Jeff Moyer wrote: > ==> On Thu, 03 May 2007 09:56:55 -0500, > Douglas> "Douglas E. Engert" <deengert@anl.gov> said: > Douglas> I had > Douglas> a working patch, but got side tracked. Are there any > > Douglas> Douglas> plans to add SASL support to autofs, such that it > Douglas> ends up in > Douglas> Debian distribution? > SASL support > Douglas> was introduced in autofs v5. Testing has been limited, > > Douglas> since it seems no one uses it. > > Douglas> Great. I was looking at Debian, and using a Ubuntu system, > Douglas> that used 4.1.4 When v5 is stable, then we can look at it > Douglas> again. Is v5 in any of the RedHat distributions? > > I use v5 on my workstation, and have done so for at least a couple of > months, now. We also ship it in several distributions, so let's call > it stable. If you have evidence to the contrary, then please send us > problem reports! I have no indications of any problems. What I meant was "stable" in the terms of the Debian distributions. Debian appears to have 4.1.4 versions in "stable", "testing" and "unstable" Unfortuneatly they don't appear to have any 5.0 versions yet. http://packages.debian.org/cgi-bin/search_packages.pl?searchon=names&version=all&exact=1&keywords=autofs > > It is available in RHEL 5, FC6, and will be shipping with F7 as well. Good to know, we have a number of RedHat systems too. > > -Jeff > > -- Douglas E. Engert <DEEngert@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Simple BINDS over SSL/TLS 2007-05-04 16:19 ` Douglas E. Engert @ 2007-05-04 16:58 ` Ian Kent 0 siblings, 0 replies; 10+ messages in thread From: Ian Kent @ 2007-05-04 16:58 UTC (permalink / raw) To: Douglas E. Engert; +Cc: autofs On Fri, 2007-05-04 at 11:19 -0500, Douglas E. Engert wrote: > > Jeff Moyer wrote: > > ==> On Fri, 04 May 2007 09:27:13 -0500, "Douglas E. Engert" <deengert@anl.gov> said: > > > > Douglas> Jeff Moyer wrote: > ==> On Thu, 03 May 2007 09:56:55 -0500, > > Douglas> "Douglas E. Engert" <deengert@anl.gov> said: > Douglas> I had > > Douglas> a working patch, but got side tracked. Are there any > > > Douglas> Douglas> plans to add SASL support to autofs, such that it > > Douglas> ends up in > Douglas> Debian distribution? > SASL support > > Douglas> was introduced in autofs v5. Testing has been limited, > > > Douglas> since it seems no one uses it. > > > > Douglas> Great. I was looking at Debian, and using a Ubuntu system, > > Douglas> that used 4.1.4 When v5 is stable, then we can look at it > > Douglas> again. Is v5 in any of the RedHat distributions? > > > > I use v5 on my workstation, and have done so for at least a couple of > > months, now. We also ship it in several distributions, so let's call > > it stable. If you have evidence to the contrary, then please send us > > problem reports! > > I have no indications of any problems. What I meant was "stable" > in the terms of the Debian distributions. Debian appears to have 4.1.4 > versions in "stable", "testing" and "unstable" > Unfortuneatly they don't appear to have any 5.0 versions yet. Yes, one of the difficulties with Debian is that v5 needs a fairly recent kernel which could cause pain for some people that can't update the kernel component for some reason. Ian ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Simple BINDS over SSL/TLS 2007-05-03 14:56 ` Douglas E. Engert 2007-05-03 21:47 ` Jeff Moyer @ 2007-05-04 9:25 ` Ian Kent 1 sibling, 0 replies; 10+ messages in thread From: Ian Kent @ 2007-05-04 9:25 UTC (permalink / raw) To: Douglas E. Engert; +Cc: autofs On Thu, 2007-05-03 at 09:56 -0500, Douglas E. Engert wrote: > > peter@devries.tv wrote: > > On Wed, May 02, 2007 at 11:19:39AM -0400, peter@devries.tv wrote: > >> I was wondering if it is possible for autofs to do simple binds over > >> TLS/SSL rather than having to do them over SASL. > > > > This may not have been clear enough. I want autofs to authenticate to > > the LDAP server as a user but without the use of SASL. > > Looking at autofs-4.1.4, it looks like it only does anonymous, > because it does not have a binddn or bindpw to use. It can use TLS, > if the ldap.conf it uses has someting like: > > URI ldaps://your.ldap.server.name > TLS_CACERTDIR path to ca certs > > The ldap library could fill in a binddn from a ldaprc, Its the bindpw > that the ldap library will not fill in, and autofs does not have an > easy way to get it. > > Speakinig of SASL, the best I can tell is 4.1.4 does not support it > directly, but could with a patch to call > > ldap_sasl_interactive_bind_s > > I had a working patch, but got side tracked. Are there any plans > to add SASL support to autofs, such that it ends up in Debian distribution? If the folks at Debian update to version 5 it's present. Ian ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2007-05-04 16:58 UTC | newest] Thread overview: 10+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2007-05-02 15:19 Simple BINDS over SSL/TLS peter 2007-05-02 15:33 ` peter 2007-05-03 0:47 ` Ian Kent 2007-05-03 14:56 ` Douglas E. Engert 2007-05-03 21:47 ` Jeff Moyer 2007-05-04 14:27 ` Douglas E. Engert 2007-05-04 14:48 ` Jeff Moyer 2007-05-04 16:19 ` Douglas E. Engert 2007-05-04 16:58 ` Ian Kent 2007-05-04 9:25 ` Ian Kent
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.