minssf more than 56

Dear list,

I'm using OpenLDAP with SASL GSSAPI.

If I leave minssf at 56, everything works smoothly, but when I try to set
minssf to something more than 56, for example 112, 128 or 256, I get
the following error:

ldapsearch -d 1  -Y  GSSAPI  -b "uid=foo,ou=people,dc=example,dc=com" -s base
  ldap_sasl_interactive_bind_s: user selected: GSSAPI
  ldap_int_sasl_bind: GSSAPI
  ldap_new_connection 1 1 0
  ldap_connect_to_host: TCP directory.example.con:389
  ldap_new_socket: 3
  ldap_prepare_socket: 3
  ldap_connect_to_host: Trying
  ldap_connect_timeout: fd: 3 tm: -1 async: 0
  ldap_int_sasl_open: host=direcotry.example.com
  ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
          additional info: SASL(-4): no mechanism available: No worthy mechs found

This is kind of strange, since Ethereal shows that even with minssf=56
all of the Kerberos traffic is encrypted with aes256-cts-hmac-sha1-96.