[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos/LDAP/SASL central authentication server howto

Markus Moeller <huaraz@moeller.plus.com> writes:

> I tried to use the -O minssf=128 with ldapsearch against AD, but get a
> failure although I use the latest heimdal library which supports
> rc4-hmac. I can see that I have an arcfour-hmac-md5 ticket for the
> ldap/server principal and would assume that rc4-hmace allows the higher
> encryption.
> Any ideas why not ? 

Because the gssapi abstracts the crypto operation and sasl can't know what
the SSF value is, so it just have to make something up. 56 used to be a
good guess when Kerberos5 was mostly single des.


PGP signature