[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Support of Kerberos V5 safe and private messages for LDAP

To: Abhinav Ratna <abhi_ldap@yahoo.com>, OpenLDAP-software@OpenLDAP.org
Subject: Re: Support of Kerberos V5 safe and private messages for LDAP
From: Norbert Klasen <norbert.klasen@daasi.de>
Date: Thu, 07 Feb 2002 14:25:29 +0100
Content-disposition: inline
In-reply-to: <20020201115630.49336.qmail@web14609.mail.yahoo.com>
References: <20020201115630.49336.qmail@web14609.mail.yahoo.com>

--On Freitag, 1. Februar 2002 03:56 -0800 Abhinav Ratna <abhi_ldap@yahoo.com> wrote:

As Open LDAP supports Kerberos V5 authentication
mechanism, does it also support encrypted message
exchange between an LDAP client and LDAP server. The
Kerberos V5 RFC (RFC 1510) specifies KRB_SAFE and
KRB_PRIV messages for safe and private message
exchange respectively between client and servers after
kerberos authentication has taken place

OpenLDAP does not use Kerberos V5 directly. It uses the SASL GSSAPI mechanism, which in turn can use Kerberos V5. By default, an SASL GSSAPI bind in OpenLDAP will also install a security layer:

SASL/GSSAPI authentication started
SASL SSF: 56
SASL installing layers


--
Norbert Klasen, Dipl.-Inform.
DAASI International GmbH                 phone: +49 7071 29 70336
Wilhelmstr. 106                          fax:   +49 7071 29 5114
72074 Tübingen                           email: norbert.klasen@daasi.de
Germany                                  web:   http://www.daasi.de

Follow-Ups:
- Re: Support of Kerberos V5 safe and private messages for LDAP
  - From: Andreas Hasenack <andreas@conectiva.com.br>
- Re: Support of Kerberos V5 safe and private messages for LDAP
  - From: Abhinav Ratna <abhi_ldap@yahoo.com>

References:
- Support of Kerberos V5 safe and private messages for LDAP
  - From: Abhinav Ratna <abhi_ldap@yahoo.com>

Prev by Date: Re: Encrypting attributes of my choice
Next by Date: Re: SASL and PAM based password changing
Index(es):
- Chronological
- Thread