[Date Prev][Date Next]
Re: Support of Kerberos V5 safe and private messages for LDAP
I meant the same, that does Open LDAP directly or
through GSSAPI support KRB_SAFE or KRB_PRIV message
exchange, once the Kerberos authentication has taken
place and the ldap client and ldap server share a
secret session key.
Basically i plan to write a client that presents a
kerberos ticket to the LDAP server and after mutual
authentication between the LDAP server and itself,
does an encrypted message exchange with the server and
thus the LDAP server ( directly or through GSSAPI )
also need to send encrypted messages to the client.
I feel that if encrypted message exchange between
LDAP server and LDAP client is not possible then the
kerberos (V5) authentication is not a very secure
mechanism, where the data stream between the LDAP
server and LDAP client is not secure.
--- Norbert Klasen <email@example.com> wrote:
> --On Freitag, 1. Februar 2002 03:56 -0800 Abhinav
> <firstname.lastname@example.org> wrote:
> > As Open LDAP supports Kerberos V5 authentication
> > mechanism, does it also support encrypted message
> > exchange between an LDAP client and LDAP server.
> > Kerberos V5 RFC (RFC 1510) specifies KRB_SAFE and
> > KRB_PRIV messages for safe and private message
> > exchange respectively between client and servers
> > kerberos authentication has taken place
> OpenLDAP does not use Kerberos V5 directly. It uses
> the SASL GSSAPI
> mechanism, which in turn can use Kerberos V5. By
> default, an SASL GSSAPI
> bind in OpenLDAP will also install a security layer:
> SASL/GSSAPI authentication started
> SASL SSF: 56
> SASL installing layers
> Norbert Klasen, Dipl.-Inform.
> DAASI International GmbH phone: +49
> 7071 29 70336
> Wilhelmstr. 106 fax: +49
> 7071 29 5114
> 72074 Tübingen email:
> Germany web:
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!