[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Increase default olcLocalSSF to 128

To: openldap-devel@openldap.org
Subject: Re: Increase default olcLocalSSF to 128
From: Dieter Klünter <dieter@dkluenter.de>
Date: Thu, 26 Jul 2018 09:04:24 +0200
In-reply-to: <b1f679f0-eccb-98c2-ff85-e4b555495dd4@stroeder.com>
Organization: AVCI
References: <20180726024740.3xayjjz7rkqt5tz4@kiwi.nardis.ca> <b1f679f0-eccb-98c2-ff85-e4b555495dd4@stroeder.com>

Am Thu, 26 Jul 2018 08:19:34 +0200
schrieb Michael Ströder <michael@stroeder.com>:

> On 07/26/2018 04:47 AM, Ryan Tandy wrote:
> > I propose increasing the default olcLocalSSF to 128. Mentioned
> > initially on IRC, now bringing it to the list for completeness and
> > archival.
> > 
> > In typical setups people want to require TLS *or* ldapi, and
> > ssf=128 seems like a pretty common olcSecurity setting for current
> > systems.  
> 
> +1
> 
> But why not choosing an even higher value like 256?
> I really wonder why it was set to 71.

As Kurt mentioned on 1st. LDAPCon in Cologne, it is higher value than 56
and less than 128.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E

Follow-Ups:
- Re: Increase default olcLocalSSF to 128
  - From: Michael Ströder <michael@stroeder.com>
- Re: Increase default olcLocalSSF to 128
  - From: Hallvard Breien Furuseth <h.b.furuseth@usit.uio.no>

References:
- Increase default olcLocalSSF to 128
  - From: Ryan Tandy <ryan@nardis.ca>
- Re: Increase default olcLocalSSF to 128
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: Increase default olcLocalSSF to 128
Next by Date: Re: Increase default olcLocalSSF to 128
Index(es):
- Chronological
- Thread