
Re: Support of Kerberos V5 safe and private messages for LDAP





--On Friday, 1 February 2002 03:56 -0800 Abhinav Ratna <abhi_ldap@yahoo.com> wrote:

As OpenLDAP supports Kerberos V5 authentication
mechanism, does it also support encrypted message
exchange between an LDAP client and LDAP server? The
Kerberos V5 RFC (RFC 1510) specifies KRB_SAFE and
KRB_PRIV messages for safe and private message
exchange respectively between client and servers after
Kerberos authentication has taken place.

OpenLDAP does not use Kerberos V5 directly. It uses the SASL GSSAPI mechanism, which in turn can use Kerberos V5. By default, an SASL GSSAPI bind in OpenLDAP will also install a security layer:


SASL/GSSAPI authentication started
SASL SSF: 56
SASL installing layers


--
Norbert Klasen, Dipl.-Inform.
DAASI International GmbH    phone: +49 7071 29 70336
Wilhelmstr. 106             fax:   +49 7071 29 5114
72074 Tübingen              email: norbert.klasen@daasi.de
Germany                     web:   http://www.daasi.de
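
The following is an added example, not part of the original message or of OpenLDAP itself: a shell check that reads the client output quoted above and reports which kind of protection the negotiated SSF implies. The function names are hypothetical, and the SSF interpretation (0 = no layer, 1 = integrity only, above 1 = encryption with roughly that key strength in bits) is assumed from the Cyrus SASL convention.

```shell
#!/bin/sh
# Added example: classify the SASL security layer reported by an OpenLDAP client.

# Read client output on stdin and print the negotiated SSF.
# Prints 0 when no "SASL SSF:" line is present (no layer reported).
sasl_ssf() {
    awk '/^SASL SSF:/ { ssf = $3 } END { print ssf + 0 }'
}

# Map an SSF value to the protection it implies (assumed Cyrus SASL convention).
classify_ssf() {
    case "$1" in
        ''|*[!0-9]*) echo "invalid"; return 2 ;;
    esac
    if [ "$1" -eq 0 ]; then
        echo "none"              # bind only, traffic unprotected by SASL
    elif [ "$1" -eq 1 ]; then
        echo "integrity-only"    # messages are signed but readable on the wire
    else
        echo "confidentiality"   # messages are encrypted as well
    fi
}

# Succeed only if the negotiated SSF on stdin is at least MIN.
# usage: require_ssf MIN < client_output
require_ssf() {
    min=$1
    got=$(sasl_ssf)
    [ "$got" -ge "$min" ]
}

# Constructed sample: the three output lines quoted in the message above.
SAMPLE_OUTPUT='SASL/GSSAPI authentication started
SASL SSF: 56
SASL installing layers'

ssf=$(printf '%s\n' "$SAMPLE_OUTPUT" | sasl_ssf)
echo "negotiated SSF $ssf: $(classify_ssf "$ssf")"

# Against a live server (assumes a valid Kerberos ticket and a reachable slapd):
#   ldapwhoami -Y GSSAPI 2>&1 | require_ssf 56 || echo "security layer too weak"
```

This only inspects what was negotiated after the fact. To make the client refuse a weaker layer during negotiation, pass a minimum with the client tools' `-O minssf=<n>` security property.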