Kerberos authentication to Active Directory with SSL encryption
Russ Allbery
eagle at eyrie.org
Sat Mar 8 15:19:37 EST 2014
"Markus Moeller" <huaraz at moeller.plus.com> writes:
> I wonder if someone can point me to a way to achieve an ldaps connection
> to Active Directory with Kerberos (or GSSAPI).
> SASL/GSSAPI seems broken and nobody seems to mind.
Well, I do this all the time to our Active Directory server, so I know it
works. Our experience is that you have to use TLS (which you appear to be
doing), and you need to specify minssf=0 and maxssf=0 because Active
Directory doesn't support a SASL privacy layer when TLS is in use. But it
shouldn't require anything beyond that.
--
Russ Allbery (eagle at eyrie.org) <http://www.eyrie.org/~eagle/>
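
The settings described in the message above, as an added example that is not part of the original post: a shell wrapper around the OpenLDAP `ldapsearch` client that passes `minssf=0,maxssf=0` only when the URI is `ldaps://`, so TLS is always what encrypts the session. The function names, host name and base DN are hypothetical, and it assumes OpenLDAP client tools built with Cyrus SASL GSSAPI and an MIT-style `klist`.

```shell
#!/bin/sh
# Added example (not from the original message).
# Assumes: OpenLDAP ldapsearch with Cyrus SASL GSSAPI, and klist with -s support.

# Print the SASL security properties to use for a given LDAP URI.
# With maxssf=0 the SASL layer provides no encryption, so this is only
# acceptable when TLS already protects the connection (ldaps://).
sasl_secprops_for_uri() {
  case "$1" in
    ldaps://*) echo "minssf=0,maxssf=0" ;;
    *)         return 1 ;;
  esac
}

# Run a GSSAPI-authenticated search against Active Directory over TLS.
# Usage: ad_gssapi_search URI BASE_DN FILTER
# Returns 2 for a non-ldaps URI, 3 when no valid Kerberos ticket is cached.
ad_gssapi_search() {
  uri=$1
  base=$2
  filter=$3

  props=$(sasl_secprops_for_uri "$uri") || {
    echo "refusing $uri: maxssf=0 without TLS would leave the session unencrypted" >&2
    return 2
  }

  # klist -s exits non-zero when the credential cache has no valid ticket.
  klist -s || {
    echo "no valid Kerberos ticket; run kinit first" >&2
    return 3
  }

  # -H URI, -Y SASL mechanism, -O SASL security properties, -b search base
  ldapsearch -H "$uri" -Y GSSAPI -O "$props" -b "$base" "$filter"
}

# Example call (placeholder host and base DN):
#   ad_gssapi_search ldaps://dc1.example.com "dc=example,dc=com" "(sAMAccountName=jdoe)"
```

The same properties can be set persistently for OpenLDAP clients with a `SASL_SECPROPS minssf=0,maxssf=0` line in `ldap.conf`.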