[Date Prev][Date Next] [Chronological] [Thread] [Top]

security ssf and gssapi auto selection

I have configured my ldap server to use GSSAPI.
If I do not use the security ssf statement in my slapd.conf, it auto selects GSSAPI authentication:

SASL/GSSAPI authentication started
SASL username: me@FQDN
SASL installing layers
# extended LDIF
# LDAPv3
# base <> with scope sub
# filter: (objectclass=*)
# requesting: gssapi

But when I enable the security ssf statement:
security ssf=56 update_ssf=112 simple_bind=56

It reply's:
ldap_sasl_interactive_bind_s: Confidentiality required (13)
       additional info: confidentiality required

And I have to specify -Y gssapi whit my ldapsearch and then it works as before.
The exual result is the same.
Wy is it that it won't auto select GSSAPI when confidentiality is required? It does not even try.
And, of course, how can this be solved?