The attached patch makes it possible to take advantage of SASL
authentication while using the LDAP backend of cpu. It's a
somewhat crude first attempt (it simply replaces simple
authentication at compile time, plus most SASL options are
hardcoded to defaults), but at least in case of GSSAPI (Kerberos 5)
authentication via SASL it is fully functional - I've been using it in
production environment for over a month with no problems
whatsoever, finally able to batch-handle users without storing a
plain-text password in cpu.conf.
Log in to post a comment.