SASL authentication

Paul Moore paul.moore at
Mon Mar 16 17:57:44 EDT 2009

"That said, I've heard that a Windows DC will not accept an  
authenticated bind except over SSL/TLS.  Period.  Regardless of  
whether a SASL security layer is negotiated or not.  If that's not it,  
then I'm sorry I can't help."

Not so. GSS/SASL is its normal mode of operation. It is unusual to see
an AD server with SSL turned on 

What it wont accept is plain text binds over unencrypted channels 

More information about the krbdev mailing list