[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos/LDAP/SASL central authentication server howto

To: Andreas <andreas@conectiva.com.br>
Subject: Re: Kerberos/LDAP/SASL central authentication server howto
From: Tarjei Huse <tarjei@nu.no>
Date: Tue, 10 Aug 2004 10:13:46 +0200
Cc: Heimdal list <heimdal-discuss@sics.se>
In-Reply-To: <20040809175927.GN2672@conectiva.com.br>
References: <200408081229.i78CTGTN024320@brev.sics.se> <1092037347.6155.35.camel@linux.site> <amu0vc1z11.fsf@nutcracker.stacken.kth.se> <1092055101.4117703db027a@mail.nu.no> <20040809175927.GN2672@conectiva.com.br>
Reply-To: tarjei@nu.no
Sender: owner-heimdal-discuss@sics.se

On man, 2004-08-09 at 19:59, Andreas wrote:
> On Mon, Aug 09, 2004 at 02:38:21PM +0200, Tarjei Huse wrote:
> > ?? I didn't know , sorry. Please tell me more on how I can use GSSAPI instead of
> > tls to secure not only authentication but everything that happens over the
> > wire.
> 
> It really depends on the client tool. Not only does GSSAPI provide this, DIGEST-MD5
> also.

Hi, 

Thanks a lot (to Marcus and Love as well) for the explanation!


Tarjei

> 
> Examples of such tools that I'm 100% aware of are ldapsearch and mutt when doing SASL
> authentication.
> 
> With ldapsearch, for example:
> $ ldapsearch -h ldap.server | head -5
> SASL/GSSAPI authentication started
> SASL username: andreas@DISTRO.CONECTIVA
> SASL SSF: 56  <---------- encrypted channel (only 56 bits though)
> SASL installing layers
> (...)
> 
> With digest-md5:
> $ ldapsearch -h ldap.server -Y digest-md5 | head -5
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> SASL username: andreas
> SASL SSF: 128  <---------------------
> SASL installing layers
> (...)
> 
> But Kmail, for example, even though supporting DIGEST-MD5, does not encrypt the
> rest of the traffic. That is, it doesn't request this additional layer of
> security.

Follow-Ups:
- Re: Kerberos/LDAP/SASL central authentication server howto
  - From: Nikola Milutinovic <Nikola.Milutinovic@ev.co.yu>

References:
- Re: Kerberos/LDAP/SASL central authentication server howto
  - From: Markus Moeller <huaraz@moeller.plus.com>
- Re: Kerberos/LDAP/SASL central authentication server howto
  - From: Tarjei Huse <tarjei@nu.no>
- Re: Kerberos/LDAP/SASL central authentication server howto
  - From: Love <lha@stacken.kth.se>
- Re: Kerberos/LDAP/SASL central authentication server howto
  - From: Tarjei Huse <tarjei@nu.no>
- Re: Kerberos/LDAP/SASL central authentication server howto
  - From: Andreas <andreas@conectiva.com.br>

Prev by Date: Re: Kerberos/LDAP/SASL central authentication server howto
Next by Date: Re: Kerberos/LDAP/SASL central authentication server howto
Prev by thread: Re: Kerberos/LDAP/SASL central authentication server howto
Next by thread: Re: Kerberos/LDAP/SASL central authentication server howto
Index(es):
- Date
- Thread