Patrick Ben Koetter
p at state-of-mind.de
Tue Jan 15 07:56:10 UTC 2008
* Russ Allbery <rra at debian.org>:
> Patrick Ben Koetter <p at state-of-mind.de> writes:
> > * Russ Allbery <rra at debian.org>:
> >> Currently, OpenLDAP puts its SASL configuration in /etc/ldap, which from
> >> the OpenLDAP perspective also makes sense. I personally think of SASL
> > The OpenLDAP source code does this by default or is this Debian
> > specific?
> It's a Debian-specific patch. It looks for /etc/ldap/sasl2/slapd.conf.
> > What might speak for having it all in one location is that people need
> > to set SASL up separately from their app and that they also (should)
> > test it separately from their app. It's more like a standalone thing. I
> > can set it up and have it working without even having e.g. Postfix
> > installed.
> Good point. It also wouldn't require patches to each individual
> application using SASL to specify a location.
... and thus introduce fewer errors and, having it all in one place, make it
easier to find all SASL-relevant config.
> > How about this for a migration path from /usr/lib/sasl2 to /etc/sasl2:
> > 1. Search in app specific path (controlled by app maintainer/developer)
> > 2. Search in /etc/sasl2 (controlled by SASL defaults)
> > 3. Search in /usr/lib/sasl2 and log a warning that /usr/lib/sasl2 is being
> > deprecated.
> Isn't this what the current SASL packages are already doing? I thought I
> looked at them recently and found that this was already the algorithm.
AFAIK yes. It's only that /etc/sasl2 (I think it is /etc/sasl now) is not
created upon installation.
p at rick
The Book of Postfix
saslfinger (debugging SMTP AUTH):
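
Added example (not part of the original message, and not code from the Debian cyrus-sasl2 packages): a POSIX shell function implementing the three-step search order proposed in the message, which also reports copies that an earlier directory shadows, since only the first hit is read. The function name, the SASL_ROOT scratch prefix and the message wording are assumptions.

```shell
#!/bin/sh
# Added example: resolve a SASL config file using the three-step search
# order proposed in the message. SASL_ROOT is a hypothetical prefix so the
# function can be tried against a scratch tree instead of the live system.

# find_sasl_conf APP [APP_DIR]
# Prints the path of the first APP.conf found; warnings go to stderr.
# Returns 1 when none of the directories holds the file.
find_sasl_conf() {
    app=$1
    app_dir=$2                  # step 1: app-specific path, may be empty
    root=${SASL_ROOT:-}
    found=
    for dir in "$app_dir" /etc/sasl2 /usr/lib/sasl2; do
        [ -n "$dir" ] || continue
        candidate="$root$dir/$app.conf"
        [ -f "$candidate" ] || continue
        if [ -z "$found" ]; then
            found=$candidate
            # Step 3: still honoured, but flagged for migration.
            if [ "$dir" = /usr/lib/sasl2 ]; then
                echo "warning: $candidate: /usr/lib/sasl2 is being deprecated" >&2
            fi
        else
            # A later directory also holds a copy; it is never read.
            echo "note: $candidate is shadowed by $found" >&2
        fi
    done
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}
```

Called as `find_sasl_conf slapd /etc/ldap/sasl2`, it checks the Debian OpenLDAP location mentioned in the thread first, then /etc/sasl2, then /usr/lib/sasl2.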