Kerberos + LDAP How-To

Markus Moeller huaraz at moeller.plus.com
Sat Oct 23 08:16:03 EDT 2004


Matt,

why do you use SSL and put extra load on the client/server if you already
use Kerberos ? SASL/GSSAPI does authentication AND encryption !!
Cyrus-sasl may show only a SSF of 56, but this is only because is hardcoded
in cyrus, it should be calculated from the kerberos key type .e.g. with
3des,rc4 have a SSF of 128 or so.

Regards
Markus


"Turbo Fredriksson" <turbo at bayour.com> wrote in message 
news:87d5z9oi8x.fsf at papadoc.bayour.com...
>>>>>> "Matt" == Matt Joyce <syslists at vtsystems.com> writes:
>
>    Matt> Thanks much to all of you for your responses.  Much of what
>    Matt> I wanted to do is actually answered more in depth
>    Matt> on-line.... took me a long time to find good documentation
>    Matt> on it.
>
>    Matt> http://ofb.net/~jheiss/krbldap/howto.html
>
>    Matt> Seems to be the best docs i've seen to date on the kerberos
>    Matt> ldap link up.  Just thought I'd share that.
>
> And I naturaly would like to take the chanse of promoting
>
> http://www.bayour.com/LDAPv3-HOWTO.html
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 




More information about the Kerberos mailing list