[Date Prev][Date Next]
Confused about SSL,TLS,SASL
I'm trying to integrate LDAP into a small set of servers and
I'm getting confused about the various encryption and authentication
Here's my server:
Red Hat 7.1
OpenLDAP 2.0.7 (stock RPM install)
auth_ldap 1.4.7-2 (ditto)
nss_ldap 149-4 (ditto)
openssl 0.9.5a (ditto)
cyrus-sasl 1.5.24-17 (ditto)
I want my Solaris 8 and Red Hat 7.1 servers to authenticate (Unix
passwd and Apache user) against it. No immediate plans to use it for
address books or Netscape profiles. I seem to have it working over
port 636 using SSL with my Linux machines.
My goal is to have SSL encrypting the wire between the client
machines and the LDAP server. Then to have the client machines use a
password to bind to the server.
1) Is there a difference between SSL and TLS transport encryption
setup? Is there a difference between using -h ldaps:// (port 636) or
talking to the default ldap part and it using the start_tls functions
to switch to SSL?
2) I have one book on LDAP that says SSL and TLS are equivalent
(interchangeable) and I've read something on the web that says SSL
LDAP encryption is non-standard I should use TLS. If my ldap.conf
file says "ssl yes" am I ever using TLS?
3) I can't figure out what SASL is used for. Is it just used for
authenticating the client to the server? Is it only used as a
wrapper around some non-standard or in-house authenticating system?
Do I need it?