minssf more than 56
- To: OpenLDAP-software@OpenLDAP.org
- Subject: minssf more than 56
- From: "Hai Zaar" <haizaar@gmail.com>
- Date: Thu, 21 Sep 2006 10:06:11 +0300
Dear list,
I'm using OpenLDAP with SASL GSSAPI.
If I leave minssf at 56, all works smoothly, but when trying to set
minssf to something more than 56, for example 112, 128 or 256, I get
the following error:
ldapsearch -d 1 -Y GSSAPI -b "uid=foo,ou=people,dc=example,dc=com" -s base
ldap_create
ldap_sasl_interactive_bind_s: user selected: GSSAPI
ldap_int_sasl_bind: GSSAPI
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP directory.example.con:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 10.0.0.10:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_int_sasl_open: host=direcotry.example.com
ldap_perror
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available: No worthy mechs found
This is kind of strange, since Ethereal shows that even with minssf=56
all of the Kerberos traffic is encrypted with aes256-cts-hmac-sha1-96.
--
Zaar