RE: ldap traffic encryption with kerberos



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Dave Snoopy

> When I use the ldapsearch tool, along with Kerberos
> authentication with the server, I notice that the
> traffic is encrypted.
>
> I recently wrote my own tool that uses the same
> openldap libraries. Following the Samba 3.0 "net"
> example, I bypassed SASL and just use GSSAPI directly.
> I am able to perform Kerberos authentication with the
> server just fine, but for some reason my traffic is
> *not* encrypted.

While credit is due the Samba team for having gotten as much LDAP
functionality as they already have, I'd have to say they're a poor model for
how to use LDAP. They have re-invented a lot of stuff that's already working
in existing LDAP libraries, for reasons I have not examined.

> Does anyone have any idea why?

Yes. I already posted how to do this correctly in my previous reply.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support