[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos/LDAP/SASL central authentication server howto

To: Markus Moeller <huaraz@moeller.plus.com>
Subject: Re: Kerberos/LDAP/SASL central authentication server howto
From: Love <lha@stacken.kth.se>
Date: Tue, 10 Aug 2004 16:21:06 +0200
Cc: tarjei@nu.no, heimdal-discuss@sics.se, Nikola Milutinovic <Nikola.Milutinovic@ev.co.yu>
In-Reply-To: <200408101005.i7AA5BTN029610@brev.sics.se> (Markus Moeller'smessage of "Tue, 10 Aug 2004 12:05:11 +0200")
References: <200408101005.i7AA5BTN029610@brev.sics.se>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (berkeley-unix)

Markus Moeller <huaraz@moeller.plus.com> writes:

> I tried to use the -O minssf=128 with ldapsearch against AD, but get a
> failure although I use the latest heimdal library which supports
> rc4-hmac. I can see that I have an arcfour-hmac-md5 ticket for the
> ldap/server principal and would assume that rc4-hmace allows the higher
> encryption.
>  
> Any ideas why not ? 

Because the gssapi abstracts the crypto operation and sasl can't know what
the SSF value is, so it just have to make something up. 56 used to be a
good guess when Kerberos5 was mostly single des.

Love

PGP signature

References:
- Re: Kerberos/LDAP/SASL central authentication server howto
  - From: Markus Moeller <huaraz@moeller.plus.com>

Prev by Date: Re: Kerberos/LDAP/SASL central authentication server howto
Next by Date: Re: Kerberos/LDAP/SASL central authentication server howto
Prev by thread: Re: Kerberos/LDAP/SASL central authentication server howto
Next by thread: Re: Kerberos/LDAP/SASL central authentication server howto
Index(es):
- Date
- Thread