Kerberos/LDAP/SASL central authentication server howto

Markus Moeller huaraz at
Tue Aug 10 09:47:14 EDT 2004

how does this translate to GSSAPI sasl mechanism ? Does it depend on the implementation or is there any clarification ? 
On Tue, 10 Aug 2004 09:52 , Andreas <andreas at> sent: 
>On Tue, Aug 10, 2004 at 01:17:38PM +0200, Markus Moeller wrote: 
>> Nikola,  
>> I think you are right, SASL only protects the authentication exchange. I found also that cysus-sasl hard codes SSF 56 for GSSAPI.  
>Check out RFC 2831, section 2.3: (\?number=2831) 
>(This is the digest-md5 sasl mechanism rfc) 
>2.4   Confidentiality Protection 
>   If the server sent a "cipher-opts" directive and the client responded 
>   with a "cipher" directive, then subsequent messages between the 
>   client and the server MUST be confidentiality protected.  
>Section 2.3 is about integrity protection. 
Markus Moeller <huaraz at> 

More information about the Info-cyrus mailing list