Grant Taylor gtaylor at tnetconsulting.net
Tue Nov 6 14:58:58 AEST 2018

On 11/05/2018 02:43 PM, Ben Greenfield via TUHS wrote:
> I found that I had to do all of this using SASL.

At first read I was thinking "SASL?  Really?".  Then I remembered that 
Simple Authentication and Security Layer is really just an abstraction 
layer.  An abstraction layer that very easily could have (but I don't 
know one way or the other) a back end to Kerberos.

> I remember it as SASL would handle the kerberization during boot up 
> getting tickets for each LDAP entry that you wanted mapped to a service 
> on that client.


> I could be wrong but I think SASL seems to be way connect services on 
> Linux with LDAP that are served kerberized.

I've always viewed SASL as a way for applications to outsource the 
authentication / security so that the program code didn't need to worry 
about it.  It also allowed SASL to manage supporting all the different 
back end security methods.

I also think much the same about PAM.  -  In fact, I don't think I could 
properly differentiate between PAM and SASL.

Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3982 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20181105/a1f5c5d7/attachment.bin>

More information about the TUHS mailing list