On Fri, Oct 29, 2004 at 02:25:36PM -0400, Kevin wrote:
> Hi Andreas, Wido, and other list members-
>
> I just noticed on the Luma home page that SASL support (including GSSAPI)
> is now included and I therefore excitedly installed v1.4 but found that
> it didn't seem to work. :-(
Hehe, SASL really attracts people nowadays :)
> Although I did connect to the server, in looking in my server logs, I noticed
> that it was an anonymous bind.
I assume it's a fallback.
> I checked my credentials cache after attempting the GSSAPI bind, but there was
> only my krbtgt ticket (I'm using MIT Kerberos 5 v1.3.5). I also checked my
> kdc
> logs and it looks like there was no request for an ldap ticket made at all.
Right
> After reading this thread, I also tried DIGEST-MD5, and it does seem to work
> with no problems. I modified an entry in the directory after authenticating
> as the only LDAP Directory entry with authorization to make changes and
> everything
> seemed to work. Looked over my OpenLDAP logs and it looks like everything
> worked
> fine.
Same here
> BTW Andreas, you wrote that:
> > but those were minor. The important thing is that it worked and
> > the communication was even encrypted (not just the password).
>
> May I ask, how did you determine this with certainty? I've been trying
> to convince myself that this connection is encrypted also, but I don't
> see anything definitive in my server logs.
Check the SSF (security strength factor) value. It should be 128 for
DIGEST-MD5. You may
also just tcpdump the traffic.
-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
|
