[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: only Kerberos authentication

To: openldap-software@OpenLDAP.org
Subject: Re: only Kerberos authentication
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Wed, 28 Jul 2004 08:47:16 -0700
Content-disposition: inline
In-reply-to: <m38yd44brn.fsf@marin.l4b.de>
References: <200407281023.1d5d@th00.idoo.com> <m38yd44brn.fsf@marin.l4b.de>

--On Wednesday, July 28, 2004 1:22 PM +0200 Dieter Kluenter <dieter@dkluenter.de> wrote:

How can I set only gssapi authentication for Openldap


Don't allow any userPassword attribute and set appropriate security
strength factor (ssf) rules, see man slapd.access(5).  GSSAPI by the way
has a sasl ssf 56.

That depends on the strength of your kerberos key. It is possible for GSSAPI to have a higher SASL SSF.

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

References:
- only Kerberos authentication
  - From: <tandersson@nostalgie.fr>
- Re: only Kerberos authentication
  - From: Dieter Kluenter <dieter@dkluenter.de>

Prev by Date: Re: Add autofs schema to existing
Next by Date: Re: only Kerberos authentication
Index(es):
- Chronological
- Thread