
Re: Kerberos/LDAP/SASL central authentication server howto

Thank you for all the details about SASL. I looked under 7.2 and didn't find anything there about connection encryption, only
authentication protection.
Could sasl look at the service keys to determine the SSF dynamically?
On Tue, 10 Aug 2004 16:21, Love <lha@stacken.kth.se> sent:
>Markus Moeller <huaraz@moeller.plus.com> writes:
>> I tried to use the -O minssf=128 with ldapsearch against AD, but get a 
>> failure although I use the latest heimdal library which supports 
>> rc4-hmac. I can see that I have an arcfour-hmac-md5 ticket for the 
>> ldap/server principal and would assume that rc4-hmac allows the higher
>> encryption.
>> Any ideas why not?
>Because the gssapi abstracts the crypto operation and sasl can't know what 
>the SSF value is, so it just has to make something up. 56 used to be a
>good guess when Kerberos5 was mostly single des. 
Markus Moeller <huaraz@moeller.plus.com>
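
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Cyrus SASL source: a small model of how a client-side `minssf` is checked against the SSF the GSSAPI mechanism reports. The layer bits follow RFC 4752; the function names and the enctype-to-bits table are assumptions made for illustration, and the "dynamic" mode models the question asked above rather than any shipped feature.

```python
# Added illustration, not Cyrus SASL source. Names below are hypothetical.
from typing import Optional

# SASL GSSAPI security-layer bits (RFC 4752, section 3.3)
LAYER_NONE, LAYER_INTEGRITY, LAYER_CONFIDENTIALITY = 1, 2, 4

FIXED_GSSAPI_SSF = 56  # the "made up" value quoted in the thread

# Assumed mapping from Kerberos enctype to effective key strength in bits,
# i.e. what a mechanism could report if it inspected the service key.
ENCTYPE_BITS = {
    "des-cbc-crc": 56,
    "des3-cbc-sha1": 112,
    "arcfour-hmac-md5": 128,
    "aes256-cts-hmac-sha1-96": 256,
}

def layer_ssf(layer: int, conf_ssf: int) -> int:
    """SSF of a layer: 0 for none, 1 for integrity only, conf_ssf for encryption."""
    return {LAYER_NONE: 0, LAYER_INTEGRITY: 1, LAYER_CONFIDENTIALITY: conf_ssf}[layer]

def negotiate(server_mask: int, minssf: int, maxssf: int, conf_ssf: int) -> Optional[int]:
    """Return the strongest offered layer whose SSF lies in [minssf, maxssf], else None."""
    for layer in (LAYER_CONFIDENTIALITY, LAYER_INTEGRITY, LAYER_NONE):
        if server_mask & layer and minssf <= layer_ssf(layer, conf_ssf) <= maxssf:
            return layer
    return None

def try_bind(enctype: str, minssf: int, dynamic: bool, server_mask: int = 7) -> Optional[int]:
    """Model one bind: fixed SSF (behaviour in the thread) or enctype-derived SSF."""
    conf_ssf = ENCTYPE_BITS[enctype] if dynamic else FIXED_GSSAPI_SSF
    return negotiate(server_mask, minssf, maxssf=256, conf_ssf=conf_ssf)

if __name__ == "__main__":
    # Constructed cases: the rc4-hmac ticket from the thread under three policies.
    for minssf, dynamic in [(128, False), (56, False), (128, True)]:
        layer = try_bind("arcfour-hmac-md5", minssf, dynamic)
        print(f"minssf={minssf} dynamic={dynamic} -> layer={layer}")
```

With the fixed value, `minssf=128` can never be met whatever the ticket's enctype, while `minssf=56` selects the confidentiality layer; the requirement of 128 is only satisfiable if the reported SSF is derived from the key.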