On 2/15/11 6:52 AM, "Simo Sorce" <[email protected]> wrote:
>On Tue, 15 Feb 2011 15:19:50 +0100 >Pavel Zuna <[email protected]> wrote: > >> I can't reproduce this. :-/ >> >> For me it goes fine: >> >> [root@ipadev tools]# ./ipa-nis-manage enable >> Directory Manager password: >> >> Enabling plugin >> This setting will not take effect until you restart Directory Server. >> The rpcbind service may need to be started. >> > >Pavel, >Jr has set the minimum ssf to a non default value to test a >configuration in which all communications are required to be encrypted. >That's why you can't reproduce with the vanilla configuration. > >We want to support that mode although it won't be the default, so we >need to fix any issue that causes that configuration to break (ie all >non-encrypted/non-ldapi connections). > >Simo. > >-- >Simo Sorce * Red Hat, Inc * New York > >_______________________________________________ >Freeipa-devel mailing list >[email protected] >https://www.redhat.com/mailman/listinfo/freeipa-devel The best way to do this is: -=- service ipa stop Edit /etc/dirsrv/slapd-DOMAIN/dse.ldif Change: nsslapd-minssf: 0 To: nsslapd-minssf: 56 <- 56 is chosen because SASL communicates a 56bit handshake even though we utilize a much strong cipher... (It is a known bug/feature) service ipa start _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
