7 More Discussions You Might Find Interesting
1. HP-UX
We have two HP-UX machines, both are B.11.31.
When I FTP from the HP-UX boxes to a remote IBM server,-
HP-UX 1:
Connected to xxxx.
220-FTPD1 IBM FTP CS V1R12 at R2, 12:24:39 on 2013-08-30.
220 Connection will close if idle for more than 15 minutes.
Name (xxxx:user):
HP-UX 2:... (2 Replies)
Discussion started by: CaptNemo
2 Replies
2. Slackware
I have a postfix/dovecot mail server.
On centos6 works great,sso with gssapi on linux and windows clients.
On Slackware i have problems,Linux clients(thunderbird and mutt) connect ok,but not windows clients.
on logfile only this
Apr 19 19:01:41 cluster1 dovecot: auth: Debug: auth client... (0 Replies)
Discussion started by: Linusolaradm1
0 Replies
3. Shell Programming and Scripting
Hello
I hope somebody can help with this.
I have a shell, that in case of failure, sends an email (relaying through an Exchange Server). This Exchange server only offers NTLM authentication.
250-AUTH NTLM
This is the configuration I have:
Postfix 2.1.1 as client.
Cyrus-SASL... (1 Reply)
Discussion started by: viktor1985
1 Replies
4. UNIX for Dummies Questions & Answers
Hello
I hope somebody can help with this.
I have a shell, that in case of failure, sends an email (relaying through an Exchange Server). This Exchange server only offers NTLM authentication.
250-AUTH NTLM
This is the configuration I have:
Postfix 2.1.1 as client.
Cyrus-SASL... (1 Reply)
Discussion started by: viktor1985
1 Replies
5. Red Hat
Hi Experts,
While trying ftp from newly setup Linux box it is giving following error.
GSSAPI error major:Unspecified GSS failure.Minor code may provide more information
GSSAPI error minor:Unknown code krb5 195
GSSAPI error:initializing context
GSSAPI authntication failed
504 AUTH... (1 Reply)
Discussion started by: sai_2507
1 Replies
6. Red Hat
On Debian i set my ldap server,using tls and all works ok.
On Redhat i have set my ldap server,using tls ok...but
when i try to use ldapsearch without -x and with rootpw(created with slappasswd) it ask for sasl password!
The question is: is possible to disable sasl?
Thanks (2 Replies)
Discussion started by: Linusolaradm1
2 Replies
7. Solaris
Configure ldap client:
I have configured my ldapclient with the AuthenticationMethod=simple and with the credentialLevel=proxy. However, as soon as i want to set the AuthenticationMethod=sasl/GSSAPI, and credentiallevel=self, then it fails to configure. Kerberos is already setup successfully. The... (0 Replies)
Discussion started by: Henk Trumpie
0 Replies
LEARN ABOUT OSX
authen::sasl::perl5.12
Authen::SASL::Perl(3) User Contributed Perl Documentation Authen::SASL::Perl(3)
NAME
Authen::SASL::Perl -- Perl implementation of the SASL Authentication framework
SYNOPSIS
use Authen::SASL qw(Perl);
$sasl = Authen::SASL->new(
mechanism => 'CRAM-MD5 PLAIN ANONYMOUS',
callback => {
user => $user,
pass => &fetch_password
}
);
DESCRIPTION
Authen::SASL::Perl is the pure Perl implementation of SASL mechanisms in the Authen::SASL framework.
At the time of this writing it provides the client part implementation for the following SASL mechanisms:
ANONYMOUS
The Anonymous SASL Mechanism as defined in RFC 2245 resp. in IETF Draft draft-ietf-sasl-anon-03.txt from February 2004 provides a
method to anonymously access internet services.
Since it does no authentication it does not need to send any confidential information such as passwords in plain text over the network.
CRAM-MD5
The CRAM-MD5 SASL Mechanism as defined in RFC2195 resp. in IETF Draft draft-ietf-sasl-crammd5-XX.txt offers a simple challenge-
response authentication mechanism.
Since it is a challenge-response authentication mechanism no passwords are transferred in clear-text over the wire.
Due to the simplicity of the protocol CRAM-MD5 is susceptible to replay and dictionary attacks, so DIGEST-MD5 should be used in
preferrence.
DIGEST-MD5
The DIGEST-MD5 SASL Mechanism as defined in RFC 2831 resp. in IETF Draft draft-ietf-sasl-rfc2831bis-XX.txt offers the HTTP Digest
Access Authentication as SASL mechanism.
Like CRAM-MD5 it is a challenge-response authentication method that does not send plain text passwords over the network.
Compared to CRAM-MD5, DIGEST-MD5 prevents chosen plaintext attacks, and permits the use of third party authentication servers, so that
it is recommended to use DIGEST-MD5 instead of CRAM-MD5 when possible.
EXTERNAL
The EXTERNAL SASL mechanism as defined in RFC 2222 allows the use of external authentication systems as SASL mechanisms.
GSSAPI
The GSSAPI SASL mechanism as defined in RFC 2222 resp. IETF Draft draft-ietf-sasl-gssapi-XX.txt allows using the Generic Security
Service Application Program Interface [GSSAPI] KERBEROS V5 as as SASL mechanism.
Although GSSAPI is a general mechanism for authentication it is almost exlusively used for Kerberos 5.
LOGIN
The LOGIN SASL Mechanism as defined in IETF Draft draft-murchison-sasl-login-XX.txt allows the combination of username and clear-text
password to be used in a SASL mechanism.
It does does not provide a security layer and sends the credentials in clear over the wire. Thus this mechanism should not be used
without adequate security protection.
PLAIN
The Plain SASL Mechanism as defined in RFC 2595 resp. IETF Draft draft-ietf-sasl-plain-XX.txt is another SASL mechanism that allows
username and clear-text password combinations in SASL environments.
Like LOGIN it sends the credentials in clear over the network and should not be used without sufficient security protection.
As for server support, only PLAIN, LOGIN and DIGEST-MD5 are supported at the time of this writing.
"server_new" OPTIONS is a hashref that is only relevant for DIGEST-MD5 for now and it supports the following options:
- no_integrity
- no_confidentiality
which configures how the security layers are negotiated with the client (or rather imposed to the client).
SEE ALSO
Authen::SASL, Authen::SASL::Perl::ANONYMOUS, Authen::SASL::Perl::CRAM_MD5, Authen::SASL::Perl::DIGEST_MD5, Authen::SASL::Perl::EXTERNAL,
Authen::SASL::Perl::GSSAPI, Authen::SASL::Perl::LOGIN, Authen::SASL::Perl::PLAIN
AUTHOR
Peter Marschall <peter@adpm.de>
Please report any bugs, or post any suggestions, to the perl-ldap mailing list <perl-ldap@perl.org>
COPYRIGHT
Copyright (c) 2004-2006 Peter Marschall. All rights reserved. This document is distributed, and may be redistributed, under the same terms
as Perl itself.
perl v5.12.5 2010-03-11 Authen::SASL::Perl(3)