[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5001) Incorrect SSF display

To: openldap-its@OpenLDAP.org
Subject: (ITS#5001) Incorrect SSF display
From: quanah@OpenLDAP.org
Date: Thu, 7 Jun 2007 21:03:39 GMT

Full_Name: Quanah Gibson-Mount
Version: 2.3.35
OS: NA
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (71.202.148.128)


I was playing with SASL connections on an TLS encrypted connection, and noticed
the SSF displayed is not correct in the SASL part.

Jun  7 12:51:27 ldap-dev1 slapd[11858]: conn=4494 fd=29 TLS established
tls_ssf=256 ssf=256
Jun  7 12:51:27 ldap-dev1 slapd[11858]: conn=4494 op=4 BIND
dn="uid=quanah,cn=accounts,dc=stanford,dc=edu" mech=GSSAPI ssf=56


I believe that the second line above should really display "sasl_ssf=56", or
probably even better, "sasl_ssf=56 ssf=256", similar to how the first line has
"tls_ssf=256 ssf=256", so that it is clear that there are different security
factors in play here.

--Quanah

Prev by Date: Re: (ITS#4965) slapd stops if access to cn=monitor is restricted
Next by Date: (ITS#5002) Windows Service: logoff causes shutdown
Index(es):
- Chronological
- Thread