Bug 206053
Summary: | FDS should permit configuration of SASL mechanisms | ||
---|---|---|---|
Product: | [Retired] 389 | Reporter: | Josh Kelley <joshkel> |
Component: | Security - SASL | Assignee: | Nathan Kinder <nkinder> |
Status: | CLOSED WONTFIX | QA Contact: | Chandrasekar Kannan <ckannan> |
Severity: | low | Docs Contact: | |
Priority: | medium | ||
Version: | 1.0.2 | CC: | benl, jgalipea, rmeggins |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-04-04 20:47:41 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 495079, 512820 |
Description
Josh Kelley
2006-09-11 18:37:08 UTC
I think you may be able to do something like this: 1) Create a private sasl directory for the server e.g. mkdir /opt/fedora-ds/slapd-instance/sasl2 2) create symlinks to the sasl plugins in that directory cd /opt/fedora-ds/slapd-instance/sasl2 ; for file in $libdir/sasl2/*.so* ; do ln -s $file done 3) Remove the symlinks for the mechanisms you don't want to support e.g. rm *cram* 4) edit the start-slapd shell script SASL_PATH=/opt/fedora-ds/slapd-instance/sasl2 ; export SASL_PATH 5) restart the directory server If the server can't find the mech plugin, it should not list it. Rich's suggestion should work fine. There is also another method that should work, although I haven't attempted to use it myself. Cyrus SASL has support for creating an <app>.conf file that allows you to configure what mechanisms the SASL library will support for that given application. We rely on SASL to generate the list of supported mechanisms that are listed in the root DSE, so this would address the problem. Putting this on the list for the next release. |