[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos/LDAP/SASL central authentication server howto

To: Markus Moeller <huaraz@moeller.plus.com>
Subject: Re: Kerberos/LDAP/SASL central authentication server howto
From: Andreas <andreas@conectiva.com.br>
Date: Tue, 10 Aug 2004 09:52:54 -0300
Cc: tarjei@nu.no, heimdal-discuss@sics.se, Info-cyrus <info-cyrus@lists.andrew.cmu.edu>, Nikola Milutinovic <Nikola.Milutinovic@ev.co.yu>
In-Reply-To: <200408101117.i7ABHbTN020049@brev.sics.se>
References: <200408101117.i7ABHbTN020049@brev.sics.se>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Mutt/1.5.5.1i

On Tue, Aug 10, 2004 at 01:17:38PM +0200, Markus Moeller wrote:
> Nikola, 
>  
> I think you are right, SASL only protects the authentication exchange. I found also that cysus-sasl hard codes SSF 56 for GSSAPI. 

Check out RFC 2831, section 2.3: (http://www.ietf.org/rfc/rfc2831.txt?number=2831)

(This is the digest-md5 sasl mechanism rfc)

2.4   Confidentiality Protection

   If the server sent a "cipher-opts" directive and the client responded
   with a "cipher" directive, then subsequent messages between the
   client and the server MUST be confidentiality protected. 

Section 2.3 is about integrity protection.

References:
- Re: Kerberos/LDAP/SASL central authentication server howto
  - From: Markus Moeller <huaraz@moeller.plus.com>

Prev by Date: Re: Kerberos/LDAP/SASL central authentication server howto
Next by Date: Re: Kerberos/LDAP/SASL central authentication server howto
Prev by thread: Re: Kerberos/LDAP/SASL central authentication server howto
Next by thread: Re: Kerberos/LDAP/SASL central authentication server howto
Index(es):
- Date
- Thread