Btw, I have a couple of related questions:
1) What happens when a client connects over unencrypted channel, and authorises using SASL (for instance SASL/GSSAPI). Does the whole traffic automatically become encrypted afterwards (i.e. does this automatically starts TLS), or not?
No. It depends on 2 things:
1) The encryption strength of your K5 keys 2) If the client doing the bind has turned on encryption.
--Quanah
-- Quanah Gibson-Mount Principal Software Developer ITSS/TSS/Computing Systems ITSS/TSS/Infrastructure Operations Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html