Re: (ITS#5195) ssf not available during sasl bind
> --On Monday, October 29, 2007 5:08 PM +0000 firstname.lastname@example.org wrote:
>> Also, repeating an old point, remember that the "security" keyword
>> produces better error messages ("Confidentiality required") than
>> "access ... ssf=..." ("Insufficient access" for updates, "Invalid
>> credentials" for Bind). With the latter, the user likely thinks
>> he mistyped the password and sends it again unencrypted.
> The problem with the security directive that the user ran into, however, I
> don't see a way to get around. Which is there is no "OR" support. I.e.,
> you can't say, I want the user to have a TLS of 128 OR SASL SSF of 128. If
> you specify both, both are required.
You really need to read more carefully. If you only care about the overall
SSF, regardless of whether it's from TLS or SASL, then just use the "ssf" factor.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
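
An added illustration of the two approaches discussed in this thread, written as slapd.conf fragments. It is not part of the original messages; the value 128 is the one used in the thread, and the ACL clauses are constructed for illustration.

```conf
# Per-layer factors: each factor listed must be satisfied, so this
# requires TLS SSF >= 128 AND SASL SSF >= 128 (the "no OR" behaviour
# described in the thread).
#security tls=128 sasl=128

# Overall factor: checks only the connection's overall SSF, regardless
# of whether TLS or SASL provides it.
security ssf=128

# ACL-based alternative. Per the thread, a connection that is too weak
# is refused with "Invalid credentials" on Bind or "Insufficient access"
# on updates, rather than "Confidentiality required".
#access to *
#    by ssf=128 self write
#    by ssf=128 anonymous auth
#    by ssf=128 users read
```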