[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL and encrypted connection?



Am Dienstag,  6. Februar 2001 11:44 schrieb Norbert Klasen:
[...]
> > I managed LDAP searches with simple and SASL (Digest MD5) authentication
> > and everything seems to work as expected. However whatching the
> > communication with a network sniffer, the whole communication during and
> > after the simple bind is clear text (as expected) and the whole
> > communitcation with the SASL-bind semms to be encrypted or obscured. I
> > expected an encryped bind commuitcation but what is happening with the
> > search request itself. Is this behaviour configurable?
>
> By default integrity and privacy protection is negotiated when using
> SASL binds. You can keep non-bind operations in clear text if you set
> the maxssf parameter, e.g.: ldapsearch -h host -s base -O maxssf=0

Hi Norbert,
thanks for the information. Does that mean that that the sasl-secprops 
settings are valid for the whole request?

What is the difference between "sasl-secprops minssf=112" and "security 
ssf=112"?

Yours,
Stephan

-- 
Stephan Siano                           Mail:  Stephan.Siano@suse.de
SuSE Linux Solutions AG                 Phone: 06196 50951 31
Mergenthalerallee 45-47			Fax:   06196 409607
D-65760 Eschborn