Sasl options, Table 6.6. sasl options – Red Hat 8.1 User Manual

command is aborted immediately.

SASL Options

SASL mechanisms can be used to authenticate a user, using the -o the required SASL information.

To learn which SASL mechanisms are supported, search the root DSE. See the -b option in

Table 6.3,

“Commonly-Used ldapsearch Options”

.

Table 6.6. SASL Options

Option

Description

-o

Specifies SASL options. The format is -o
saslOption=value. saslOption can have one of six
values:

mech, the SASL authentication mechanism
authid, the user who is binding to the server
(Kerberos principal)
authzid, a proxy authorization (ignored by the
server since proxy authorization is not
supported)
secProp, the security properties
realm, the Kerberos realm
flags

The expected values depend on the supported
mechanism. The -o can be used multiple times to
pass all of the required SASL information for the
mechanism. For example:

-o "mech=DIGEST-MD5" -o
"authzid=test_user" -o
"authid=test_user"

There are three SASL mechanisms supported in Red Hat Directory Server:

CRAM-MD5, described in

Table 6.7, “Description of CRAM-MD5 Mechanism Options”

DIGEST-MD5, described in

Table 6.8, “Description of DIGEST-MD5 SASL Mechanism Options”

GSSAPI, described in

Table 6.9, “Description of GSSAPI SASL Mechanism Options”

182

Chapter 6. Command-Line Utilities