[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos/LDAP/SASL central authentication server howto

To: tarjei@nu.no, heimdal-discuss@sics.se, Nikola Milutinovic <Nikola.Milutinovic@ev.co.yu>, Love <lha@stacken.kth.se>
Subject: Re: Kerberos/LDAP/SASL central authentication server howto
From: Markus Moeller <huaraz@moeller.plus.com>
Date: Tue, 10 Aug 2004 18:01:14 +0200
Sender: owner-heimdal-discuss@sics.se

 
Thank you for all the details about SASL.I looked under 7.2 and didn't find anything there about connection encryption only 
authentication protection.   
 
Could sasl look at the service keys to determine dynamicly the SSF ? 
 
Markus 
 
On Tue, 10 Aug 2004 16:21 , Love <lha@stacken.kth.se> sent: 
 
> 
>Markus Moeller huaraz@moeller.plus.com> writes: 
> 
>> I tried to use the -O minssf=128 with ldapsearch against AD, but get a 
>> failure although I use the latest heimdal library which supports 
>> rc4-hmac. I can see that I have an arcfour-hmac-md5 ticket for the 
>> ldap/server principal and would assume that rc4-hmace allows the higher 
>> encryption. 
>>   
>> Any ideas why not ?  
> 
>Because the gssapi abstracts the crypto operation and sasl can't know what 
>the SSF value is, so it just have to make something up. 56 used to be a 
>good guess when Kerberos5 was mostly single des. 
> 
>Love 
> 
--  
Markus Moeller <huaraz@moeller.plus.com>

Prev by Date: Re: Kerberos/LDAP/SASL central authentication server howto
Next by Date: krb5 and openldap
Prev by thread: Re: Kerberos/LDAP/SASL central authentication server howto
Next by thread: Results from my request for testimonials
Index(es):
- Date
- Thread