[Date Prev][Date Next] [Chronological] [Thread] [Top]

How to disable SSF (integrity) on GSSAPI mech?

To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: How to disable SSF (integrity) on GSSAPI mech?
From: "Osipov, Michael" <michael.osipov@siemens.com>
Date: Wed, 15 Apr 2015 21:10:04 +0000
Accept-language: de-DE, en-US
Content-language: de-DE
Thread-index: AdB3wIpFgi17sq0bTSmpPmB0Xx6M/Q==
Thread-topic: How to disable SSF (integrity) on GSSAPI mech?

Hi folks,

I am binding against Active Directory with GSSAPI mech and would like to disable SASL integrity for debugging purposes with Wireshark. Unfortunately, this call fails:

char *secprops = "minssf=0,maxssf=0";
rc = ldap_set_option(ld, LDAP_OPT_X_SASL_SECPROPS, secprops);

with:

Diagnostic message: SASL(-1): generic failure: GSSAPI Error: A required input parameter could not be read (Unknown error)
Result code: -2

I am used to this with Java's SASL client where I can set SASL QOP with auth, auth-int, auth-conf.

Is that not possible with OpenLDAP along with CyrusSASL?

For what it is worth, I am on FreeBSD 9.3 with latest OpenLDAP and CyrusSASL from the ports tree.

Regards,

Michael

Follow-Ups:
- Re: How to disable SSF (integrity) on GSSAPI mech?
  - From: Dan White <dwhite@cafedemocracy.org>

Prev by Date: Re: EXOP patches for PHP LDAP module
Next by Date: Re: Auxiliary object class practically of no use?
Index(es):
- Chronological
- Thread