[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos/LDAP/SASL central authentication server howto

To: tarjei@nu.no, heimdal-discuss@sics.se, Info-cyrus <info-cyrus@lists.andrew.cmu.edu>, Nikola Milutinovic <Nikola.Milutinovic@ev.co.yu>, Andreas <andreas@conectiva.com.br>
Subject: Re: Kerberos/LDAP/SASL central authentication server howto
From: Markus Moeller <huaraz@moeller.plus.com>
Date: Tue, 10 Aug 2004 15:47:14 +0200
Sender: owner-heimdal-discuss@sics.se

Andreas, 
 
how does this translate to GSSAPI sasl mechanism ? Does it depend on the implementation or is there any clarification ? 
 
Thanks 
Markus 
 
On Tue, 10 Aug 2004 09:52 , Andreas <andreas@conectiva.com.br> sent: 
 
>On Tue, Aug 10, 2004 at 01:17:38PM +0200, Markus Moeller wrote: 
>> Nikola,  
>>   
>> I think you are right, SASL only protects the authentication exchange. I found also that cysus-sasl hard codes SSF 56 for GSSAPI.  
> 
>Check out RFC 2831, section 2.3: (http://www.ietf.org/rfc/rfc2831.txt\?number=2831) 
> 
>(This is the digest-md5 sasl mechanism rfc) 
> 
>2.4   Confidentiality Protection 
> 
>   If the server sent a "cipher-opts" directive and the client responded 
>   with a "cipher" directive, then subsequent messages between the 
>   client and the server MUST be confidentiality protected.  
> 
>Section 2.3 is about integrity protection. 
> 
--  
Markus Moeller <huaraz@moeller.plus.com>

Prev by Date: Re: Kerberos/LDAP/SASL central authentication server howto
Next by Date: Re: Kerberos/LDAP/SASL central authentication server howto
Prev by thread: Re: Kerberos/LDAP/SASL central authentication server howto
Next by thread: Re: Kerberos/LDAP/SASL central authentication server howto
Index(es):
- Date
- Thread