[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: can I use a kerberos ticket with ldapsearch (and ldap libraries)

To: Howard Chu <hyc@highlandsun.com>, openldap-software@OpenLDAP.org
Subject: RE: can I use a kerberos ticket with ldapsearch (and ldap libraries)
From: Norbert Klasen <norbert.klasen@daasi.de>
Date: Fri, 19 Apr 2002 09:07:13 +0200
Content-disposition: inline
In-reply-to: <NMEFLNHODBAOPDKNNJALCECCCLAA.hyc@highlandsun.com>
References: <NMEFLNHODBAOPDKNNJALCECCCLAA.hyc@highlandsun.com>

--On 18 April 2002 06:45 -0700 Howard Chu <hyc@highlandsun.com> wrote:

I saw someone recommend using SASL/GSSAPI over a TLS session. This is
overkill, since both TLS and SASL are performing encryption at the same
time.

Would the encryption key size something to worry about? In our environment we cannot use 3DES and thus have to rely on the 56 bits provided by des-cbc-crc. By using StartTLS/LDAPS with a DES-CBC3-SHA/RC4-MD5 cipher one could "upgrade" to a 128 bit key.

--
Norbert Klasen, Dipl.-Inform.
DAASI International GmbH                 phone: +49 7071 29 70335
Wilhelmstr. 106                          fax:   +49 7071 29 5114
72074 Tübingen                           email: norbert.klasen@daasi.de
Germany                                  web:   http://www.daasi.de

Follow-Ups:
- RE: can I use a kerberos ticket with ldapsearch (and ldap libraries)
  - From: "Howard Chu" <hyc@highlandsun.com>

References:
- RE: can I use a kerberos ticket with ldapsearch (and ldap libraries)
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: Adding aliases in SSL/TLS certificate (Was: ldapsearch TLS error)
Next by Date: RE: Some queries regarding Schema, Triggering Notification etc.
Index(es):
- Chronological
- Thread