[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Seems I do not understand the ssf entries..... either that or something a bit more strange.

To: Pat Riehecky <prieheck@iwu.edu>, openldap-software@openldap.org
Subject: Re: Seems I do not understand the ssf entries..... either that or something a bit more strange.
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Thu, 12 Jun 2008 16:49:01 -0700
Content-disposition: inline
In-reply-to: <1213308088.25521.141.camel@thales.iwu.edu>
References: <1213308088.25521.141.camel@thales.iwu.edu>

--On June 12, 2008 5:01:28 PM -0500 Pat Riehecky <prieheck@iwu.edu> wrote:

From the doc ( http://www.openldap.org/doc/admin24/security.html )
-----------------
security controls disallow operations when appropriate protections are
not in place. For example:
security ssf=1 update_ssf=112

In an ideal world I would like security update_ssf=128 simple_bind=112
to be working (force 3DES or better for a bind, for AES or better for an
update), but I will settle for what must I do to make the documented
example work for me?

Build your own OpenLDAP linked against OpenSSL, and use a strong key for generating the cert used by OpenLDAP.

I also suggest searching the OpenLDAP-devel archives as to why using GnuTLS is considered harmful.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Follow-Ups:
- Re: Seems I do not understand the ssf entries..... either that or something a bit more strange.
  - From: Pat Riehecky <prieheck@iwu.edu>

References:
- Seems I do not understand the ssf entries..... either that or something a bit more strange.
  - From: Pat Riehecky <prieheck@iwu.edu>

Prev by Date: Seems I do not understand the ssf entries..... either that or something a bit more strange.
Next by Date: Re: Seems I do not understand the ssf entries..... either that or something a bit more strange.
Index(es):
- Chronological
- Thread