[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: sasl-secprops' minssf not setting SASL SSF correctly

To: openldap-software@openldap.org
Subject: Re: sasl-secprops' minssf not setting SASL SSF correctly
From: "pkoelle@gmail.com" <pkoelle@gmail.com>
Date: Wed, 10 Sep 2008 13:24:13 +0200
In-reply-to: <dbd51810809091056s155e8eecu166ac604fc28fe47@mail.gmail.com>
References: <dbd51810809081857u27dc968at7596ce9fa1263096@mail.gmail.com> <3AD14C6E4798C9D285E031B4@192.168.1.199> <dbd51810809090614l42b8e874g1a822a9d68272cad@mail.gmail.com> <E7304D15DB7CD775180D4296@192.168.1.199> <dbd51810809091056s155e8eecu166ac604fc28fe47@mail.gmail.com>
User-agent: Thunderbird 2.0.0.16 (Windows/20080708)

PGNet schrieb:

Why does *addition* of "maxssf=256" (the maximum  acceptable  security
strength factor) to "sasl-secprops ..." cause the 'SASL SSF' reported
"ldapwhoami -ZZ" to change from

SASL SSF: 56 --> SASL SSF: 0

I think this is a valid question (and also why the ldapwhoami succeeds when minssf can not be satisfied..). However the overall tone of your message is "not helpful". Your assertion that minssf *sets* the SFF for SASL binds is simply wrong. The actual SSF depends on the SASL mechanism negotiated for the connection, you can't dictate SSF strength in slapd.conf. Maybe consulting a dictionary about the meaning of "acceptable" might be "helpful".

cheers
 Paul

References:
- sasl-secprops' minssf not setting SASL SSF correctly
  - From: PGNet <pgnet.trash@gmail.com>
- Re: sasl-secprops' minssf not setting SASL SSF correctly
  - From: PGNet <pgnet.trash@gmail.com>
- Re: sasl-secprops' minssf not setting SASL SSF correctly
  - From: PGNet <pgnet.trash@gmail.com>

Prev by Date: Re: Implementing monitor in DB ldap existent
Next by Date: ACL resolving
Index(es):
- Chronological
- Thread