[Andreas B. Mundt] > I currently can't test, but perhaps we can increase the ssf to the old > value again. This will block all connections from ldapi://. To again > allow these local connections we need to set the ssf manually, as > described in: > <URL:http://www.openldap.org/lists/openldap-technical/200906/msg00109.html> > > >From the slapd.conf man page: > > localSSF <SSF> > Specifies the Security Strength Factor (SSF) to be given local > LDAP sessions, such as those to the ldapi:// listener. For a > description of SSF values, see sasl-secprops's minssf option > description. The default is 71.
I tried to set this to 0 or 1 and reinsert the security line, but Kerberos failed to start and LDAP refused the kdcs tries to log in. No idea why. perhaps bind_ssf overrides localssf? Perhaps some combination work, but I have not found it yet. :/ Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
