[Date Prev][Date Next] [Chronological] [Thread] [Top]

openldap sasl support

To: <openldap-software@OpenLDAP.org>
Subject: openldap sasl support
From: "Chapman, Kyle" <Kyle_Chapman@G1.com>
Date: Thu, 23 Jan 2003 23:54:06 -0500
Content-class: urn:content-classes:message
Thread-index: AcLDZJ/vp1eHW6W0SXGevgYqvVLr2w==
Thread-topic: openldap sasl support

greetings all..
 
For those using sasl for replication with openldap, which sasl mech are people using?  I use GSSAPI currently, but cyrus-sasl seems to limit its overall ssf to 56 (des).  DIGEST-MD5, at least through sasl, provides more security then GSSAPI (the sasl lib doc says GSSAPI maxes at 56, but kerberos can do 3des, not an openldap problem) .  I do use TLS for replication also.  Security requirments have gone up for our shop recently...
 
Are people using GSSAPI for normal users and DIGEST-MD5 for a replicator account, maybe the rootdn also?
 
using openldap 2.1.12+sasl2.1.10+openssl0.9.7

Prev by Date: Re: RootDN and slaves
Next by Date: Re: test my LDAP server ONLY using ssh?
Index(es):
- Chronological
- Thread