[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL and encrypted connection?

To: Stephan Siano <stephan.siano@suse.de>
Subject: Re: SASL and encrypted connection?
From: Norbert Klasen <klasen@zdv.uni-tuebingen.de>
Date: Tue, 06 Feb 2001 11:44:24 +0100
Cc: OpenLDAP Software <openldap-software@OpenLDAP.org>
Organization: DFN Directory Services, ZDV Uni Tübingen
References: <01020611173502.00842@grobi>

Hi Stephan 
> I managed LDAP searches with simple and SASL (Digest MD5) authentication and
> everything seems to work as expected. However whatching the communication
> with a network sniffer, the whole communication during and after the simple
> bind is clear text (as expected) and the whole communitcation with the
> SASL-bind semms to be encrypted or obscured. I expected an encryped bind
> commuitcation but what is happening with the search request itself. Is this
> behaviour configurable?

By default integrity and privacy protection is negotiated when using
SASL binds. You can keep non-bind operations in clear text if you set
the maxssf parameter, e.g.: ldapsearch -h host -s base -O maxssf=0

-- 
Norbert Klasen
DFN Directory Services                           tel: +49 7071 29 70335
ZDV, Universität Tübingen                        fax: +49 7071 29 5912
Wächterstr. 76, 72074 Tübingen              http://www.directory.dfn.de
Germany                             norbert.klasen@zdv.uni-tuebingen.de

Follow-Ups:
- Re: SASL and encrypted connection?
  - From: Stephan Siano <stephan.siano@suse.de>

References:
- SASL and encrypted connection?
  - From: Stephan Siano <stephan.siano@suse.de>

Prev by Date: SASL and encrypted connection?
Next by Date: Re: SASL and encrypted connection?
Index(es):
- Chronological
- Thread