[Date Prev][Date Next] [Chronological] [Thread] [Top]

security ssf and gssapi auto selection

To: openldap-software@OpenLDAP.org
Subject: security ssf and gssapi auto selection
From: Mivz <mivz@alpha.spugium.net>
Date: Wed, 08 Mar 2006 13:06:08 +0100
User-agent: Mozilla Thunderbird 1.0.7 (X11/20060210)

Hello, I have configured my ldap server to use GSSAPI. If I do not use the security ssf statement in my slapd.conf, it auto selects GSSAPI authentication:

ldapsearch
SASL/GSSAPI authentication started
SASL username: me@FQDN
SASL SSF: 56
SASL installing layers
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (objectclass=*)
# requesting: gssapi
#

But when I enable the security ssf statement:
security ssf=56 update_ssf=112 simple_bind=56

It reply's:
ldapsearch
ldap_sasl_interactive_bind_s: Confidentiality required (13)
       additional info: confidentiality required

And I have to specify -Y gssapi whit my ldapsearch and then it works as before. The exual result is the same. Wy is it that it won't auto select GSSAPI when confidentiality is required? It does not even try. And, of course, how can this be solved?

Follow-Ups:
- Re: security ssf and gssapi auto selection
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: openldap bench / stress free tools
Next by Date: Re: Fwd: RedHat 7.3, OpenLadp and DB Berkeley
Index(es):
- Chronological
- Thread