[Date Prev][Date Next]
RE: fixes for SASL KERBEROS_V4 mechanism (ITS#829)
At 01:28 PM 10/12/00 +0000, Karsten.Kuenne@desy.de wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>| We had a bit of prior discussion regarding this issue. In
>| particular, please review:
>| Basically, we suggest compiling Cyrus SASL with
>| KRB4_IGNORE_IP_ADDRESS. This works fine unless you desire
>| to use security layers.
>I didn't see that, I'll give it a try. What will be the impact
>if I don't use security layers with SASL?
You only get the first part of:
Simple Authentication and Security Layer
where Security Layer provides integrity and/or confidentiality
Given that SASL/KERBEROS_IV security layer is DES based, you don't
>Which other protocol families does OpenLDAP support?
AF_INET, AF_INET6, and AF_LOCAL.
>Probably IPv6 which
>I can't test because Sol 7 doesn't have it. But, anyway, I'll recompile
>SASL as you suggested and see how this works.
>BTW: GSSAPI does NOT work with ldapi:/// (with and without my changes), it
>always ends up with ("-d -1" given):
That would be yet to be reported issue...