
Re: reject_external_nonTLS_binds



On Fri, Jun 06, 2003 at 01:15:58AM -0700, Howard Chu wrote:
> This would probably be frowned on since it uses non-standard mechanisms, but
> I'd do something like this - First only enable cleartext connections on
> localhost, and then only enable ldaps from anywhere else:  slapd -h
> "ldap://localhost/ ldaps:///"  Note that using ldaps precludes the use of
> StartTLS, so the "-Z" client options must be omitted.
FWIW I second that. I like the idea of testing both in clear text
and encrypt externally. Mind you this is not my speciality. But,
it is a very_reasonable way of operating. (Even if not std compliant.)

Best Regards,
dreamwvr@dreamwvr.com

-- 
/*  Security is a work in progress - dreamwvr                 */
#                               48 69 65 72 6F 70 68 61 6E 74 32
# Note: To begin Journey type man afterboot,man help,man hier[.]      
# 66 6F 72 20 48 69 72 65                              0000 0001
// "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \?  ;-]
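
The listener layout suggested in the quoted message (cleartext LDAP on localhost only, ldaps everywhere else) can be checked after slapd starts. The following is an added example, not part of the original thread: a shell function that reads `ss -Hltn` style output and fails if the cleartext port is bound to anything other than loopback. It assumes the default ports 389 (ldap) and 636 (ldaps); the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit listening sockets for the layout
#   slapd -h "ldap://localhost/ ldaps:///"
# Assumes default ports: 389 = cleartext ldap, 636 = ldaps.
# Input: lines in the format printed by `ss -Hltn` (local address in column 4).

audit_ldap_listeners() {
    awk '
    {
        local_addr = $4
        n = split(local_addr, parts, ":")
        port = parts[n]
        # Everything before the final ":port" is the bind address.
        host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        if (port == "389") {
            # Cleartext LDAP may only listen on loopback (127.0.0.0/8 or ::1).
            if (host !~ /^127\./ && host != "[::1]") {
                print "FAIL cleartext ldap listener on " local_addr
                bad = 1
            }
        } else if (port == "636") {
            seen_ldaps = 1
        }
    }
    END {
        if (!seen_ldaps) print "WARN no ldaps listener on port 636"
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: the intended layout.
GOOD_SAMPLE='LISTEN 0 128 127.0.0.1:389 0.0.0.0:*
LISTEN 0 128 [::1]:389 [::]:*
LISTEN 0 128 0.0.0.0:636 0.0.0.0:*
LISTEN 0 128 [::]:636 [::]:*'

# Constructed sample: slapd started with "ldap:/// ldaps:///" by mistake.
BAD_SAMPLE='LISTEN 0 128 0.0.0.0:389 0.0.0.0:*
LISTEN 0 128 0.0.0.0:636 0.0.0.0:*'

printf '%s\n' "$GOOD_SAMPLE" | audit_ldap_listeners && echo "good sample: ok"
printf '%s\n' "$BAD_SAMPLE" | audit_ldap_listeners || echo "bad sample: cleartext exposed"
```

On a live host the same function can be fed directly: `ss -Hltn | audit_ldap_listeners`.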