[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: sasl-secprops' minssf not setting SASL SSF correctly

PGNet schrieb:
Why does *addition* of "maxssf=256" (the maximum  acceptable  security
strength factor) to "sasl-secprops ..." cause the 'SASL SSF' reported
"ldapwhoami -ZZ" to change from

SASL SSF: 56 --> SASL SSF: 0

I think this is a valid question (and also why the ldapwhoami succeeds when minssf can not be satisfied..). However the overall tone of your message is "not helpful". Your assertion that minssf *sets* the SFF for SASL binds is simply wrong. The actual SSF depends on the SASL mechanism negotiated for the connection, you can't dictate SSF strength in slapd.conf. Maybe consulting a dictionary about the meaning of "acceptable" might be "helpful".