[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL and encrypted connection?

At 11:17 AM 2/6/01 +0100, Stephan Siano wrote:
>I compiled OpenLDAP 2.0.7 with SASL and OpenSSL but without Kerberos support 
>and after some troubles I got the whole beast running (the documentation is 
>somehow sparse)... I haven't configured any SSL certificates yet. 
>I managed LDAP searches with simple and SASL (Digest MD5) authentication and 
>everything seems to work as expected. However whatching the communication 
>with a network sniffer, the whole communication during and after the simple 
>bind is clear text (as expected) and the whole communitcation with the 
>SASL-bind semms to be encrypted or obscured. I expected an encryped bind 
>commuitcation but what is happening with the search request itself.

SASL/DIGEST-MD5 supports integrity and privacy services.

>Is this behaviour configurable?

Yes, using maxssf parameter (-O).