/etc/sasl

[Patrick Ben Koetter]

* Russ Allbery <rra at debian.org>:
> Patrick Ben Koetter <p at state-of-mind.de> writes:
> > * Russ Allbery <rra at debian.org>:
> 
> >> Currently, OpenLDAP puts its SASL configuration in /etc/ldap, which from
> >> the OpenLDAP perspective also makes sense.  I personally think of SASL
> 
> > The OpenLDAP source code does this by default or is this Debian
> > specific?
> 
> It's a Debian-specific patch.  It looks for /etc/ldap/sasl2/slapd.conf.
> 
> > What might speak for having it all in one location is that people need
> > to set SASL up separately from their app and that they also (should)
> > test it separately from their app. It's more like a standalone thing. I
> > can set it up and have it working without even having e.g. Postfix
> > installed.
> 
> Good point.  It also wouldn't require patches to each individual
> application using SASL to specify a location.

... and thus introduce less errors and, having it all in one place, make it
easier to find all sasl relevant config.


> > How about this for a migration path from /usr/lib/sasl2 to /etc/sasl2:
> >
> > 1. Search in app specific path (controlled by app maintainer/developer)
> > 2. Search in /etc/sasl2 (controlled by SASL defaults)
> > 3. Search in /usr/lib/sasl2 and log a warning that /usr/lib/sasl2 is being
> >    deprecated.
> 
> Isn't this what the current SASL packages are already doing?  I thought I
> looked at them recently and found that this was already the algorithm.

AFAIK yes. It's only that /etc/sasl2 (I think it is /etc/sasl now) is not
created upon installation.

p at rick

-- 
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>