SASL authentication

Russ Allbery rra at
Mon Mar 16 18:46:54 EDT 2009

"Henry B. Hotz" <hotz at> writes:

> That said, I've heard that a Windows DC will not accept an authenticated
> bind except over SSL/TLS.  Period.  Regardless of whether a SASL
> security layer is negotiated or not.

This has now been fixed in a Microsoft hot fix, I believe.  There was
recent additional discussion in the kerberos at mailing list.  (Note
that this specifically affected Windows 2008, not Windows 2003.)

Russ Allbery (rra at             <>

More information about the krbdev mailing list