[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL and encrypted connection?

To: Stephan Siano <stephan.siano@suse.de>
Subject: Re: SASL and encrypted connection?
From: Norbert Klasen <klasen@zdv.uni-tuebingen.de>
Date: Tue, 06 Feb 2001 12:25:09 +0100
Cc: OpenLDAP Software <openldap-software@OpenLDAP.org>
Organization: DFN Directory Services, ZDV Uni Tübingen
References: <01020611173502.00842@grobi> <3A7FD588.56965C67@zdv.uni-tuebingen.de> <01020612101100.02066@grobi>

Hi Stephan,
> Hi Norbert,
> thanks for the information. Does that mean that that the sasl-secprops
> settings are valid for the whole request?
> 
> What is the difference between "sasl-secprops minssf=112" and "security
> ssf=112"?

IIRC sasl_secprops is used to determine which SASL mechanisms/ciphers
may used between server and client, and the security parameter gives the
SSFs required for directory operations.
So "security ssf=112" should be fulfilled if the privacy protection
provided by either a SASL security layer or TLS is strong enough. See
also slapd.conf(5).

-- 
Norbert Klasen
DFN Directory Services                           tel: +49 7071 29 70335
ZDV, Universität Tübingen                        fax: +49 7071 29 5912
Wächterstr. 76, 72074 Tübingen              http://www.directory.dfn.de
Germany                             norbert.klasen@zdv.uni-tuebingen.de

References:
- SASL and encrypted connection?
  - From: Stephan Siano <stephan.siano@suse.de>
- Re: SASL and encrypted connection?
  - From: Norbert Klasen <klasen@zdv.uni-tuebingen.de>
- Re: SASL and encrypted connection?
  - From: Stephan Siano <stephan.siano@suse.de>

Prev by Date: Re: SASL and encrypted connection?
Next by Date: v2.0.7: cannot add
Index(es):
- Chronological
- Thread