Howard Chu wrote:
Jose Gonzalez Gomez wrote:
o Of course, make use of TLS/SSL if you are planning to provide simple bind authentication. You don't want to blow out your whole Kerberos security having those passwords floating around your network, do you?
This is a strong argument against supporting Simple Binds at all, when using Kerberos.
Anyway, OpenLDAP doesn't completely implement the whole LDAPv3 standard, so maybe we won't miss DIGEST-MD5 that much until there is an easier way of doing it...
Since LDAPv3 is an extensible protocol, I'm not sure what this statement means.
Best regards Jose