[Date Prev][Date Next]
openldap sasl support
- To: <openldap-software@OpenLDAP.org>
- Subject: openldap sasl support
- From: "Chapman, Kyle" <Kyle_Chapman@G1.com>
- Date: Thu, 23 Jan 2003 23:54:06 -0500
- Content-class: urn:content-classes:message
- Thread-index: AcLDZJ/vp1eHW6W0SXGevgYqvVLr2w==
- Thread-topic: openldap sasl support
For those using sasl for replication with openldap, which sasl mech are people using? I use GSSAPI currently, but cyrus-sasl seems to limit its overall ssf to 56 (des). DIGEST-MD5, at least through sasl, provides more security then GSSAPI (the sasl lib doc says GSSAPI maxes at 56, but kerberos can do 3des, not an openldap problem) . I do use TLS for replication also. Security requirments have gone up for our shop recently...
Are people using GSSAPI for normal users and DIGEST-MD5 for a replicator account, maybe the rootdn also?
using openldap 2.1.12+sasl2.1.10+openssl0.9.7