openldap sasl support

greetings all..
For those using sasl for replication with openldap, which sasl mech are people using? I use GSSAPI currently, but cyrus-sasl seems to limit its overall ssf to 56 (des). DIGEST-MD5, at least through sasl, provides more security than GSSAPI (the sasl lib doc says GSSAPI maxes at 56, but kerberos can do 3des, not an openldap problem). I do use TLS for replication also. Security requirements have gone up for our shop recently...
Are people using GSSAPI for normal users and DIGEST-MD5 for a replicator account, maybe the rootdn also?
using openldap 2.1.12+sasl2.1.10+openssl0.9.7