[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL and encrypted connection?

Hi Stephan,
> Hi Norbert,
> thanks for the information. Does that mean that that the sasl-secprops
> settings are valid for the whole request?
> What is the difference between "sasl-secprops minssf=112" and "security
> ssf=112"?

IIRC sasl_secprops is used to determine which SASL mechanisms/ciphers
may used between server and client, and the security parameter gives the
SSFs required for directory operations.
So "security ssf=112" should be fulfilled if the privacy protection
provided by either a SASL security layer or TLS is strong enough. See
also slapd.conf(5).

Norbert Klasen
DFN Directory Services                           tel: +49 7071 29 70335
ZDV, Universität Tübingen                        fax: +49 7071 29 5912
Wächterstr. 76, 72074 Tübingen              http://www.directory.dfn.de
Germany                             norbert.klasen@zdv.uni-tuebingen.de