[Date Prev][Date Next]
Re: sasl-secprops' minssf not setting SASL SSF correctly
--On Tuesday, September 09, 2008 6:14 AM -0700 PGNet
Re-read what the slap.conf(5) man page says.
That's unhelpful. It's of course, already been read.
minssf=<factor> property specifies the minimum acceptable security
maxssf=<factor> property specifies the maximum acceptable security
Reads to me like "SASL SSF" is set by min/maxssf. It certainly affects it.
Unfortuntely, in a manner that's confusing.
If have some helpful clarification, please state it.
No where does it say there that it sets the minimum SSF of connections. It
says it specifies the minimum or maximum acceptable SSF. I.e., if you set
the minimum SSF to 128, and an incoming connection only uses 56, then XYZ
won't be usable.
I've generally used this type of restriction more with ACLs, such as:
by dn.base="cn=xyz,dc=example,dc=com" sasl_ssf=56 read
because some things (java, for example) default the SSF to 0.
Principal Software Engineer
Zimbra :: the leader in open source messaging and collaboration