[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: GSSAPI+kerberos5+TLS to Active Directory
> 2. Now loading a server side certificate authority on AD and attempting a
>> TLS start I observe the following:
>> a. SASL auth doesn't work in this mode I assume because AD doesn't
> >support an EXTERNAL SASL mechanism?
>Correct, no SASL EXTERNAL. However, SASL GSSAPI works, but you need to
>disable the privacy and intergity protecion on the SASL layer
(sasl_ssf=0).
Disabling privacy and integrity protection? Can I do this via the -O switch
with Ldapsearch, or is this a compile-time option?