Using LDAP backend with start_tls
Mickael Marchand
mikmak at freenux.org
Thu Sep 18 02:08:34 EDT 2008
Le 17-09-2008, Klaus Heinrich Kiwi <klausk at linux.vnet.ibm.com> a écrit :
> Hi everyone,
>
> I was wondering how can I use the LDAP backend over a TLS connection.
> Looking at the krb5.conf file man page, looks like there is no option
> covering this and I'm assuming that simply using ldaps:// as the
> ldap_servers URI will toggle SSL over port 636 instead of TLS at port
> 389.
>
> ldapi://socket will initiate a unix socket connection
> ldap://host will start an unsecured connection at port 389
> ldaps://host will start SSL through port 636
>
> Is there a way to START_TLS over port 389?
>
> Thanks,
>
> -Klaus
>
>
Hi,
I have this setup with Heimdal and Openldap and iirc I checked the
source code and TLS was -not- used at all there :/
I did not care much since I use the same server for both, but this is
disturbing ...
writing a patch for this in Heimdal should be pretty straight forward I
guess.
Cheers,
Mik
More information about the Kerberos
mailing list