Re: Support of Kerberos V5 safe and private messages for LDAP

--On Thursday, 7 February 2002 13:28 -0200 Andreas Hasenack <andreas@conectiva.com.br> wrote:

SASL/GSSAPI authentication started
SASL installing layers

Why is it using 56 bits only? I saw this here too, even though I'm only using 3DES Kerberos tickets (if that's related). Where is this security layer negotiated/configured?

"56" is hardcoded in the cyrus-sasl gssapi plugin.

RFC1964 references RFC1510 and has only one confidentiality algorithm:
4.2.2. Confidentiality Algorithms

  Only one confidentiality QOP value is currently defined for the
  Kerberos V5 GSS-API mechanism:

  GSS_KRB5_CONF_C_QOP_DES         (numeric value: 0)
          /* Confidentiality with DES */

Does MIT Kerberos define a new QOP value for their 3DES extension?

One should probably take a look at the IDs for the revision of SASL and GSSAPI...

Norbert Klasen, Dipl.-Inform.
DAASI International GmbH                 phone: +49 7071 29 70336
Wilhelmstr. 106                          fax:   +49 7071 29 5114
72074 Tübingen                           email: norbert.klasen@daasi.de
Germany                                  web:   http://www.daasi.de
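
Added example, not part of the original message and not code from cyrus-sasl: a small model of the SASL GSSAPI security-layer negotiation (RFC 2222, section 7.2.1) showing why a fixed label of 56 for the confidentiality layer makes any minimum-SSF policy above 56 fail, whatever the ticket's encryption type. The function names, the labels 1 (integrity) and 0 (none), and the sample token are assumptions; the token is taken as already unwrapped.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Layer bits in octet 0 of the unwrapped negotiation token (RFC 2222, 7.2.1). */
enum { LAYER_NONE = 1, LAYER_INTEGRITY = 2, LAYER_CONF = 4 };

struct layer_offer { uint8_t layers; uint32_t max_buf; };

/* Parse the 4-octet token: layer bitmask, then 24-bit big-endian buffer size. */
int parse_offer(const uint8_t *tok, size_t len, struct layer_offer *out)
{
    if (tok == NULL || out == NULL || len != 4)
        return -1;
    if ((tok[0] & (LAYER_NONE | LAYER_INTEGRITY | LAYER_CONF)) == 0)
        return -1;                       /* no known layer offered */
    out->layers = tok[0];
    out->max_buf = ((uint32_t)tok[1] << 16) | ((uint32_t)tok[2] << 8) | tok[3];
    return 0;
}

/* Fixed SSF label per layer. 56 is the hardcoded value from the thread;
 * 1 for integrity and 0 for none are assumed here (usual SASL convention). */
unsigned layer_ssf(int layer)
{
    return layer == LAYER_CONF ? 56u : layer == LAYER_INTEGRITY ? 1u : 0u;
}

/* Pick the strongest offered layer whose label lies in [min_ssf, max_ssf].
 * Returns the layer bit, or -1 if the policy cannot be met. */
int choose_layer(const struct layer_offer *o, unsigned min_ssf, unsigned max_ssf)
{
    static const int order[] = { LAYER_CONF, LAYER_INTEGRITY, LAYER_NONE };
    for (size_t i = 0; i < 3; i++) {
        unsigned ssf = layer_ssf(order[i]);
        if ((o->layers & order[i]) && ssf >= min_ssf && ssf <= max_ssf)
            return order[i];
    }
    return -1;
}

int main(void)
{
    const uint8_t tok[4] = { 0x07, 0x00, 0x10, 0x00 };  /* constructed sample */
    struct layer_offer o;
    if (parse_offer(tok, sizeof tok, &o) != 0)
        return 1;
    printf("max_buf=%u min56=%d min112=%d\n", (unsigned)o.max_buf,
           choose_layer(&o, 56, 256), choose_layer(&o, 112, 256));
    return 0;
}
```

With the constructed token, a minimum of 56 selects the confidentiality layer, while a minimum of 112 is rejected because no layer carries a label that high.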