Kerberos + LDAP How-To

Markus Moeller huaraz at moeller.plus.com
Sat Oct 23 08:02:54 EDT 2004


Matt,

why do you use SSL and put extra load on the client/server if you already 
use Kerberos ? SASL/GSSAPI does authentication AND encryption !!
Cyrus-sasl may show only a SSF of 56, but this is only because is hardcoded 
in cyrus, it should be calculated from the kerberos key type .e.g. with 
3des,rc4 have a SSF of 128 or so.

Regards
Markus


"Matt Joyce" <syslists at vtsystems.com> wrote in message 
news:4175A85F.6080004 at vtsystems.com...
> Thanks much to all of you for your responses.  Much of what I wanted to do 
> is actually answered more in depth on-line.... took me a long time to find 
> good documentation on it.
>
> http://ofb.net/~jheiss/krbldap/howto.html
> Seems to be the best docs i've seen to date on the kerberos ldap link up. 
> Just thought I'd share that.
>
> -Matt Joyce.
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 




More information about the Kerberos mailing list