[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Syncrepl with Kerberos support

To: openldap-technical@openldap.org
Subject: Re: Syncrepl with Kerberos support
From: Jaap Winius <jwinius@umrk.nl>
Date: Tue, 12 Jan 2010 01:56:58 +0100
Cc: Quanah Gibson-Mount <quanah@zimbra.com>
Content-disposition: inline
In-reply-to: <3920D65832D8D9E4806B4954@[192.168.1.199]>
References: <20100106015347.jyt5jb1ozpcwc8gg@www.umrk.nl> <20100111203351.x1yl6l8drs8ocksg@www.umrk.nl> <3920D65832D8D9E4806B4954@[192.168.1.199]>
User-agent: Internet Messaging Program (IMP) H3 (4.1.5)

Quoting Quanah Gibson-Mount <quanah@zimbra.com>:

Before I begin, let me say that, in this case, Kerberos only offers
encrypted authentication and not data encryption for the OpenLDAP
replication phase; for that it is necessary to set up a Certificate
Authority and use TLS (LDAP over SSL, slapd on port 636).


You're wrong.  Using SASL/GSSAPI fully encrypts the entire session if
you tell it to, which is the default for most applications, including
OpenLDAP. The only client I've ever seen that doesn't use encryption by
default is Sun's JNDI stuff.

Right, I stand corrected! This makes me very happy, because it meansthat I now have less work to do than I thought.


Thanks very much!

Cheers,

Jaap

References:
- Syncrepl with Kerberos support
  - From: Jaap Winius <jwinius@umrk.nl>
- Re: Syncrepl with Kerberos support
  - From: Jaap Winius <jwinius@umrk.nl>
- Re: Syncrepl with Kerberos support
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Re: Syncrepl with Kerberos support
Next by Date: Re: Directory layout help
Index(es):
- Chronological
- Thread