To learn which SASL mechanisms are supported, search the root DSE. See the -boption in Table 6-3“Commonly-used ldapsearch options”.

Table 6-6 SASL options

Option

Description

-o

Specifies SASL options. The format is -osaslOption=value. saslOption can have one of six

 

values:

 

mech, the SASL authentication mechanism

 

authid, the user who is binding to the server (Kerberos principal)

 

authzid, a proxy authorization (ignored by the server because proxy authorization is not

 

supported)

 

secProp, the security properties

 

realm, the Kerberos realm

 

flags

 

The expected values depend on the supported mechanism. The -ocan be used multiple times to

 

pass all the required SASL information for the mechanism. For example:

 

-o "mech=DIGEST-MD5" -o "authzid=test_user" -o "authid=test_user"

 

 

There are three SASL mechanisms supported in the HP-UX Directory Server:

CRAM-MD5, described in Table 6-7 “Description of CRAM-MD5 mechanism options”

DIGEST-MD5, described in Table 6-8 “Description of DIGEST-MD5 SASL mechanism options”

GSSAPI, described in Table 6-9 “Description of GSSAPI SASL mechanism options”

194 Command-line utilities