[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: SASL and encrypted connection?
Hi Stephan
> I managed LDAP searches with simple and SASL (Digest MD5) authentication and
> everything seems to work as expected. However whatching the communication
> with a network sniffer, the whole communication during and after the simple
> bind is clear text (as expected) and the whole communitcation with the
> SASL-bind semms to be encrypted or obscured. I expected an encryped bind
> commuitcation but what is happening with the search request itself. Is this
> behaviour configurable?
By default integrity and privacy protection is negotiated when using
SASL binds. You can keep non-bind operations in clear text if you set
the maxssf parameter, e.g.: ldapsearch -h host -s base -O maxssf=0
--
Norbert Klasen
DFN Directory Services tel: +49 7071 29 70335
ZDV, Universität Tübingen fax: +49 7071 29 5912
Wächterstr. 76, 72074 Tübingen http://www.directory.dfn.de
Germany norbert.klasen@zdv.uni-tuebingen.de