Kerberos/LDAP/SASL central authentication server howto
Markus Moeller
huaraz at moeller.plus.com
Tue Aug 10 09:47:14 EDT 2004
Andreas,
how does this translate to GSSAPI sasl mechanism ? Does it depend on the implementation or is there any clarification ?
Thanks
Markus
On Tue, 10 Aug 2004 09:52 , Andreas <andreas at conectiva.com.br> sent:
>On Tue, Aug 10, 2004 at 01:17:38PM +0200, Markus Moeller wrote:
>> Nikola,
>>
>> I think you are right, SASL only protects the authentication exchange. I found also that cysus-sasl hard codes SSF 56 for GSSAPI.
>
>Check out RFC 2831, section 2.3: (http://www.ietf.org/rfc/rfc2831.txt\?number=2831)
>
>(This is the digest-md5 sasl mechanism rfc)
>
>2.4 Confidentiality Protection
>
> If the server sent a "cipher-opts" directive and the client responded
> with a "cipher" directive, then subsequent messages between the
> client and the server MUST be confidentiality protected.
>
>Section 2.3 is about integrity protection.
>
--
Markus Moeller <huaraz at moeller.plus.com>
More information about the Info-cyrus
mailing list