ssf=0 disallowed in ACLs
- To: openldap-bugs@OpenLDAP.org
- Subject: ssf=0 disallowed in ACLs
- From: "Richard L. Goerwitz III" <rgoerwit@carleton.edu>
- Date: Mon, 13 Sep 2004 13:03:30 -0500
- In-reply-to: <200408171939.i7HJdITi015917@boole.openldap.org>
- Organization: Carleton College
- References: <200408171939.i7HJdITi015917@boole.openldap.org>
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040803
I'm sorry if I'm misunderstanding the behavior I'm seeing, but let me
try to be brief, and helpful here in describing the issue I'm seeing:

In ACLs (OpenLDAP 2.2.15, 2.2.16 are what I tested), ssf=0 triggers
the following error:

/etc/openldap/slapd.conf: line 122: invalid ssf value (0)

There might in fact be a good reason for dropping the default security
level. E.g., in some scenarios it's perfectly appropriate if the remote
host is local (127.0.0.1, suppose) for authentication to occur cleartext
over an unencrypted link, even though everywhere else this might not be
permitted.
--
Richard L. Goerwitz III Email: Richard.Goerwitz@Carleton.edu
Phone: +1 507 646 5526 Fax: +1 507 646 4537
PGP key fingerprint: 4471 B6D3 57CC B2DC A0CF 82D3 0B7D EA19 F425 B0E0