Kerberos/LDAP/SASL central authentication server howto
andreas at conectiva.com.br
Tue Aug 10 08:52:54 EDT 2004
On Tue, Aug 10, 2004 at 01:17:38PM +0200, Markus Moeller wrote:
> I think you are right, SASL only protects the authentication exchange. I found also that cysus-sasl hard codes SSF 56 for GSSAPI.
Check out RFC 2831, section 2.3: (http://www.ietf.org/rfc/rfc2831.txt?number=2831)
(This is the digest-md5 sasl mechanism rfc)
2.4 Confidentiality Protection
If the server sent a "cipher-opts" directive and the client responded
with a "cipher" directive, then subsequent messages between the
client and the server MUST be confidentiality protected.
Section 2.3 is about integrity protection.
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus