Re: Antw: Re: Q: different SSF settings for ldapi:// than for ldap:

[Michael Ströder <michael@stroeder.com>]

Ulrich Windl wrote:
> > > > Michael Ströder<michael@stroeder.com> schrieb am 30.03.2015 um 11:24 in
> Nachricht <55191633.90204@stroeder.com>:
> > Ulrich Windl wrote:
> > > > > > Michael Ströder<michael@stroeder.com> schrieb am 29.03.2015 um 12:12 in
> > > > I have this in my config:
> > > >
> > > > # SSF value for ldapi://
> > > > localSSF 256
> > >
> > > What I don't understand here is: Doesn't "256" _require_ encryption for
> > > ldapi:// then?
> >
> > There is a reason for everything I write, especially this sentence:
> >
> >   >> See slapd.conf(5) for details.
> >
> > Learn to read the fine docs.
>
> What really annoys me in this list are answers like "I know, you dont't. Try
> to find out yourself!".

Is it really too demanding to look up the text yourself when I point out a 
particular configuration directive *and* point to the relevant man page?

My impression was that you did not read the text before asking back.

> Here's what the manual page says:
> --
>         localSSF <SSF>
>                Specifies  the  Security Strength Factor (SSF) to be given
> local
>                LDAP sessions, such as those to the ldapi://  listener.   For
> a
>                description  of  SSF  values,  see sasl-secprops's minssf
> option
>                description.  The default is 71.
> --
> So where is the answer what 255 means? And what is the meaning of 71? (I guess
> 71 bit encryption; so I guess 255 means 255-bit encryption, but you say I'm
> wrong)

Yes, the default is 71 which is lower than what you specified as minssf.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature