Chapter 6. Command-Line Utilities
248
Option Description
• secProp, the security properties
• realm, the Kerberos realm
• flags
The expected values depend on the supported
mechanism. The -o can be used multiple times
to pass all of the required SASL information for
the mechanism. For example:
-o "mech=DIGEST-MD5" -o "authzid=test_user" -
o "authid=test_user"
Table 6.6. SASL Options
There are three SASL mechanisms supported in Red Hat Directory Server:
• CRAM-MD5, described in Table 6.7, “Description of CRAM-MD5 Mechanism Options”
• DIGEST-MD5, described in Table 6.8, “Description of DIGEST-MD5 SASL Mechanism Options”
• GSSAPI, described in Table 6.9, “Description of GSSAPI SASL Mechanism Options”
Required or Optional Option Description Example
Required mech=CRAM-MD5 Gives the SASL
mechanism.
-o “mech=CRAM-MD5”
Required authid=authid_value Gives the ID used to
authenticate to the
server. authid_value
can be the following:
• UID. For example,
msmith.
• u: uid. For example,
u: msmith.
• dn: dn_value. For
example, dn:
uid=msmith,ou=People,o=example.com.
-o
“authid=dn:uid=jsmith,
ou=People,
dc=example, dc=com"
Optional secprop=value The secprop attribute
sets the security
properties for the
connection. The
secprop value can be
any of the following:
• None
• noplain — Do not
permit mechanisms
susceptible to simple
passive attack.
-o
"secprop=noplain,minssf=1,maxbufsize=512"
