[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: LDAP extension draft for GSSAPI protection of session data
Right. Except these spec.'s do not specify how GSSAPI Wrap tokens are to be
carried within the LDAP protocol to secure the LDAP session data. In other
words, they specify only how initial authentication is to occur for LDAP using
GSSAPI.
Jonathan
> X-SMAP-Received-From: outside
> Resent-Date: Thu, 30 Jul 1998 08:44:20 -0700 (PDT)
> Date: Thu, 30 Jul 1998 08:44:17 -0700 (PDT)
> From: Chris Newman <Chris.Newman@INNOSOFT.COM>
> Subject: Re: LDAP extension draft for GSSAPI protection of session data
> To: Jonathan Trostle <jtrostle@cisco.com>
> Cc: ietf-ldapext@netscape.com
> MIME-version: 1.0
> Originator-Info: login-id=chris; server=THOR.INNOSOFT.COM
> Resent-Message-ID: <"kLjpD.0.Vh2.FJ9mr"@glacier>
> Resent-From: ietf-ldapext@netscape.com
> X-Mailing-List: <ietf-ldapext@netscape.com> archive/latest/567
> X-Loop: ietf-ldapext@netscape.com
> Resent-Sender: ietf-ldapext-request@netscape.com
>
> On Wed, 29 Jul 1998, Jonathan Trostle wrote:
> > I did not think that spec. included how the wrapped tokens should be
> > transmitted in the LDAP protocol.
>
> RFC 2251 section 4.2.2. 3rd paragraph says when a SASL security layer
> starts in LDAP, and RFC 2222 specifies how a SASL security layer is
> formed, and how GSS API is used to negotiate and form a security layer.
>
> - Chris
>