
Re: GSSAPI+kerberos5+TLS to Active Directory





--On Saturday, 9 March 2002 15:29 +1100 andrew hall <temp01@bluereef.com.au> wrote:

>>> 2. Now loading a server side certificate authority on AD and attempting a
>>> TLS start I observe the following:
>>>     a. SASL auth doesn't work in this mode I assume because AD doesn't
>>> support an EXTERNAL SASL mechanism?
>>
>> Correct, no SASL EXTERNAL. However, SASL GSSAPI works, but you need to
>> disable the privacy and integrity protection on the SASL layer
>> (sasl_ssf=0).
>
> Disabling privacy and integrity protection? Can I do this via the -O
> switch with ldapsearch, or is this a compile-time option?

-O maxssf=0 or SASL_SECPROPS in ldap.conf

--
Norbert Klasen, Dipl.-Inform.
DAASI International GmbH                 phone: +49 7071 29 70336
Wilhelmstr. 106                          fax:   +49 7071 29 5114
72074 Tübingen                           email: norbert.klasen@daasi.de
Germany                                  web:   http://www.daasi.de
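
The two ways of setting maxssf=0 named in the reply above, as an added example that is not part of the original thread. The function names are hypothetical, and the server URI and CA file are placeholders supplied by the caller. TLS is kept mandatory and verified because it is the only protection on the wire once the SASL layer is switched off.

```shell
#!/bin/sh
# Added example (not from the thread). URI and CA path are caller-supplied
# placeholders; function names are hypothetical.

# Persistent form: write the client settings that would go into ldap.conf
# or a per-user ldaprc.
#   $1 = output file, $2 = LDAP URI, $3 = CA certificate file
write_ldaprc() {
    cat > "$1" <<EOF
URI            $2
TLS_CACERT     $3
TLS_REQCERT    demand
SASL_MECH      GSSAPI
SASL_SECPROPS  maxssf=0
EOF
}

# One-off form: the same property passed with -O on the command line.
#   $1 = LDAP URI; a Kerberos ticket (kinit) must already be in the cache.
# -ZZ aborts if StartTLS fails, whereas -Z would continue in cleartext.
# With maxssf=0 the GSSAPI bind negotiates no security layer of its own,
# so a failed StartTLS must not be tolerated.
ad_rootdse() {
    ldapsearch -ZZ -Y GSSAPI -O maxssf=0 -H "$1" -b "" -s base
}
```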