[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL and encrypted connection?

To: Stephan Siano <stephan.siano@suse.de>
Subject: Re: SASL and encrypted connection?
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Tue, 06 Feb 2001 20:47:17 -0800
Cc: "OpenLDAP Software" <openldap-software@OpenLDAP.org>
In-reply-to: <01020611173502.00842@grobi>

At 11:17 AM 2/6/01 +0100, Stephan Siano wrote:
>Hi,
>
>I compiled OpenLDAP 2.0.7 with SASL and OpenSSL but without Kerberos support 
>and after some troubles I got the whole beast running (the documentation is 
>somehow sparse)... I haven't configured any SSL certificates yet. 
>
>I managed LDAP searches with simple and SASL (Digest MD5) authentication and 
>everything seems to work as expected. However whatching the communication 
>with a network sniffer, the whole communication during and after the simple 
>bind is clear text (as expected) and the whole communitcation with the 
>SASL-bind semms to be encrypted or obscured. I expected an encryped bind 
>commuitcation but what is happening with the search request itself.

SASL/DIGEST-MD5 supports integrity and privacy services.

>Is this behaviour configurable?

Yes, using maxssf parameter (-O).

Kurt

References:
- SASL and encrypted connection?
  - From: Stephan Siano <stephan.siano@suse.de>

Prev by Date: Re: Uid Numbers
Next by Date: Re: Clarifications on objectclasses
Index(es):
- Chronological
- Thread