[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Antw: Re: Q: different SSF settings for ldapi:// than for ldap:



Ulrich Windl wrote:
Michael Ströder<michael@stroeder.com> schrieb am 30.03.2015 um 11:24 in
Nachricht <55191633.90204@stroeder.com>:
Ulrich Windl wrote:
Michael Ströder<michael@stroeder.com> schrieb am 29.03.2015 um 12:12 in
I have this in my config:

# SSF value for ldapi://
localSSF 256

What I don't understand here is: Doesn't "256" _require_ encryption for
ldapi:// then?

There is a reason for everything I write, especially this sentence:

  >> See slapd.conf(5) for details.

Learn to read the fine docs.

What really annoys me in this list are answers like "I know, you dont't. Try
to find out yourself!".

Is it really too demanding to look up the text yourself when I point out a particular configuration directive *and* point to the relevant man page?

My impression was that you did not read the text before asking back.

Here's what the manual page says:
--
        localSSF <SSF>
               Specifies  the  Security Strength Factor (SSF) to be given
local
               LDAP sessions, such as those to the ldapi://  listener.   For
a
               description  of  SSF  values,  see sasl-secprops's minssf
option
               description.  The default is 71.
--
So where is the answer what 255 means? And what is the meaning of 71? (I guess
71 bit encryption; so I guess 255 means 255-bit encryption, but you say I'm
wrong)

Yes, the default is 71 which is lower than what you specified as minssf.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature