At Fri, 29 Sep 2017 10:47:48 -0400 brendan kearney <bpk678@gmail.com>
wrote:
SASL is a "glue" between LDAP and Kerberos, that translates an identity
established through Kerberos AuthN to an LDAP Distinguished Name (among
other possible uses). When communications between Kerberos and LDAP
happen, SASL also provides encryption.
I have setup Kerberos, SASL, OpenLDAP and SSSD all on Fedora and it all
works. I dont have to muck with SSL/TLS and the different
implementations with their specific nuances.
Don't you still need a SSL Certificate? That is, SSL/TLS is still there
someplace?