Kerberos/LDAP/SASL central authentication server howto

Andreas andreas at
Tue Aug 10 08:52:54 EDT 2004

On Tue, Aug 10, 2004 at 01:17:38PM +0200, Markus Moeller wrote:
> Nikola, 
> I think you are right, SASL only protects the authentication exchange. I found also that cysus-sasl hard codes SSF 56 for GSSAPI. 

Check out RFC 2831, section 2.3: (

(This is the digest-md5 sasl mechanism rfc)

2.4   Confidentiality Protection

   If the server sent a "cipher-opts" directive and the client responded
   with a "cipher" directive, then subsequent messages between the
   client and the server MUST be confidentiality protected. 

Section 2.3 is about integrity protection.

Cyrus Home Page:
Cyrus Wiki/FAQ:
List Archives/Info:

More information about the Info-cyrus mailing list