[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: can I use a kerberos ticket with ldapsearch (and ldap libraries)

--On 18 April 2002 06:45 -0700 Howard Chu <hyc@highlandsun.com> wrote:

I saw someone recommend using SASL/GSSAPI over a TLS session. This is
overkill, since both TLS and SASL are performing encryption at the same

Would the encryption key size something to worry about? In our environment we cannot use 3DES and thus have to rely on the 56 bits provided by des-cbc-crc. By using StartTLS/LDAPS with a DES-CBC3-SHA/RC4-MD5 cipher one could "upgrade" to a 128 bit key.

Norbert Klasen, Dipl.-Inform.
DAASI International GmbH                 phone: +49 7071 29 70335
Wilhelmstr. 106                          fax:   +49 7071 29 5114
72074 Tübingen                           email: norbert.klasen@daasi.de
Germany                                  web:   http://www.daasi.de