[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: documentation for security ssf-settings

To: Matthias Nagl <openldap-list@mnagl.de>
Subject: Re: documentation for security ssf-settings
From: netwarrior863@gmail.com
Date: Wed, 11 Apr 2007 11:03:31 +0000 (UTC)
Cc: openldap-software@openldap.org
In-reply-to: <200704111057.17016.openldap-list@mnagl.de>
References: <200704111057.17016.openldap-list@mnagl.de>

Me too.. I had some problems recently trying to secure a connection, do
not know why but I had to set all of them to 256, lower number gave
errors of "..stronger something needed.." taking a look at the logs I
saw that most to the connection were "established ssf=256", so, I tried
that number and worked out, but hate guessing, and less when security is
involved, the man page is clear, but how can I know if I need 65, 112,
128 or whatever?

For what I read about which ssf to use for a specific connection , you
have to to use ACL's, I found some examples in the documentation.


Bytes..

During Wed, 11 Apr 2007, Matthias Nagl Spat Out:

> Date: Wed, 11 Apr 2007 10:57:16 +0200
> From: Matthias Nagl <openldap-list@mnagl.de>
> To: openldap-software@openldap.org
> Subject: documentation for security ssf-settings
> 
> 
> Is there any more comprehensive documentation for the security strength 
> factors in the security statement than the man-page entry?
> 
> "The minssf=<factor> property specifies the minimum acceptable security 
> strength factor as an integer approximate to effective key length used for 
> encryption.   0  (zero) implies no protection, 1 implies integrity protection 
> only, 56 allows DES or other weak ciphers, 112 allows triple DES and other 
> strong ciphers, 128 allows RC4, Blowfish and other modern strong ciphers.  
> The default is 0."
> 
> I am espacially interested which consequences the different ssf-settings 
> exactly have. What is really checked if I set for example
> security transport=x sasl=y tls=z ??
> 
> Additionally I'd like to know if it is possible to set special 
> security-settings for localhost-connections as they are always secure and 
> won't need encryption.
> 
> Thanks
> 
> Matthias
> 

-- 
*-=> LCP - SAIR Linux Certified Professional               <=-*
*-=> Powered By FreeBSD 6.2-STABLE - The Power To Serve    <=-*
*-=> GPG Public Key at http://gnv.us.ks.cryptnet.net       <=-*


*-=> 	    Telematica S.R.L  Telecomunicaciones	   <=-*
*-=> Tel./Fax: (598)2 408 2837 - 4024596 E. Acevedo 1622   <=-*

---
This message was checked by forty monkeys and found to not
contain any SPAM whatsoever.
		-- Your monkeys may vary

References:
- documentation for security ssf-settings
  - From: Matthias Nagl <openldap-list@mnagl.de>

Prev by Date: Re: Ldapsearch on multiple attributes
Next by Date: Re: OpenLDAP 2.3.35 available
Index(es):
- Chronological
- Thread