On 04/15/15 21:10 +0000, Osipov, Michael wrote:
>Hi folks,
>
>I am binding against Active Directory with GSSAPI mech and would like to
disable SASL integrity for debugging purposes with Wireshark.
Unfortunately, this call fails:
Setting a minssf should not be necessary. Do you also get this error with
"maxssf=0"? "maxssf=1" may be a more workable option, since encryption is
really what you want to turn off, not integrity.
Yes, the error remains the same. Maxssf=1 does not help because integrity won't be disabled.
The encryption you are talking about is GSS confidentiality which won't be active anyway with
maxssf=1.