[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5195) ssf not available during sasl bind

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5195) ssf not available during sasl bind
From: quanah@zimbra.com
Date: Mon, 29 Oct 2007 23:32:10 GMT

--On Monday, October 29, 2007 11:15 PM +0000 hyc@symas.com wrote:

> Stay focused on the original ITS topic.

Discussing further with Howard offline, he notes that ssf=<n> is the 
minimum, not the requirement, so in the case I was thinking of:

security ssf=56

would be sufficient in that specific case, although all connections are 
forced to be encrypted at that point.  I'm not sure the security directive 
then satisfies allowing anonymous binds to be unencrypted, which is why 
then using ACL statements is a better route for that data you specifically 
want to ensure is protected.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Prev by Date: Re: (ITS#5195) ssf not available during sasl bind
Next by Date: Re: (ITS#5195) ssf not available during sasl bind
Index(es):
- Chronological
- Thread