<?xml version="1.0" ?> <!-- This files contains a single entry with multiple attributes tied to it. The attributes are: usetls - Determines whether an encrypted connection to the ldap server should be attempted. Legal values for the entry are: "yes" "no" tlsrequired - This flag tells whether the ldap connection must be encrypted. If set to "yes", the automounter will fail to start if an encrypted connection cannot be established. Legal values for this option include: "yes" "no" authrequired - This option tells whether an authenticated connection to the ldap server is required in order to perform ldap queries. If this flag is set to yes, then only authenticated connections will be allowed. If it is set to no then authentication is not needed for ldap server connections. Finally, if it is set to autodetect then the ldap server will be queried to establish a suitable authentication mechanism. If no suitable mechanism can be found, connections to the ldap server are made without authentication. Legal values for this option include: "yes" "no" "autodetect" authtype - This attribute can be used to specify a preferred authentication mechanism. In normal operations, the automounter will attempt to authenticate to the ldap server using the list of supportedSASLmechanisms obtained from the directory server. Explicitly setting the authtype will bypass this selection and only try the mechanism specified. Legal values for this attribute include: "GSSAPI" "LOGIN" "PLAIN" "ANONYMOUS" "DIGEST-MD5" user - This attribute holds the authentication identity used by authentication mechanisms that require it. Legal values for this attribute include any printable characters that can be used by the selected authentication mechanism. secret - This attribute holds the secret used by authentication mechanisms that require it. Legal values for this attribute include any printable characters that can be used by the selected authentication mechanism. clientprinc - When using GSSAPI authentication, this attribute is consulted to determine the principal name to use when authenticating to the directory server. By default, this will be set to "autofsclient/<fqdn>@<REALM>. credentialcache - When using GSSAPI authentication, this attribute can be used to specify an externally configured credential cache that is used during authentication. By default, autofs will setup a memory based credential cache. --> <autofs_ldap_sasl_conf usetls="no" tlsrequired="no" authrequired="no" />