On 2/15/11 6:52 AM, "Simo Sorce" <sso...@redhat.com> wrote:

>On Tue, 15 Feb 2011 15:19:50 +0100
>Pavel Zuna <pz...@redhat.com> wrote:
>
>> I can't reproduce this. :-/
>> 
>> For me it goes fine:
>> 
>> [root@ipadev tools]# ./ipa-nis-manage enable
>> Directory Manager password:
>> 
>> Enabling plugin
>> This setting will not take effect until you restart Directory Server.
>> The rpcbind service may need to be started.
>> 
>
>Pavel,
>Jr has set the minimum ssf to a non-default value to test a
>configuration in which all communications are required to be encrypted.
>That's why you can't reproduce with the vanilla configuration.
>
>We want to support that mode although it won't be the default, so we
>need to fix any issue that causes that configuration to break (i.e. all
>non-encrypted/non-ldapi connections).
>
>Simo.
>
>-- 
>Simo Sorce * Red Hat, Inc * New York
>
>_______________________________________________
>Freeipa-devel mailing list
>Freeipa-devel@redhat.com
>https://www.redhat.com/mailman/listinfo/freeipa-devel

The best way to do this is:

-=-
service ipa stop
Edit /etc/dirsrv/slapd-DOMAIN/dse.ldif

Change:
nsslapd-minssf: 0

To:
nsslapd-minssf: 56 <- 56 is chosen because SASL communicates a 56-bit
handshake even though we utilize a much stronger cipher... (It is a known
bug/feature)

service ipa start
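
The following is an added example, not part of the original message and not FreeIPA code: a small check that reads `nsslapd-minssf` from the `cn=config` entry of a `dse.ldif`, so the edit described above can be verified before the service is started. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not FreeIPA code): report nsslapd-minssf from a dse.ldif.

# Print the nsslapd-minssf value of the "dn: cn=config" entry, or "unset".
minssf_from_dse() {
    awk '
        /^$/ { in_config = 0; next }          # blank line ends an LDIF entry
        /^#/ { next }                         # LDIF comment
        { line = $0; key = tolower(line) }    # attribute names ignore case
        key ~ /^dn:/ { in_config = (key ~ /^dn:[ \t]*cn=config[ \t]*$/); next }
        in_config && key ~ /^nsslapd-minssf:/ {
            sub(/^[^:]*:[ \t]*/, "", line)    # drop "name:" and padding
            sub(/[ \t]+$/, "", line)
            value = line; found = 1
        }
        END { if (found) print value; else print "unset" }
    ' "$1"
}

# Exit 0 only when the configured value is an integer >= the minimum in $2.
minssf_at_least() {
    val=$(minssf_from_dse "$1")
    case "$val" in
        ''|*[!0-9]*) return 1 ;;              # unset or not a plain integer
    esac
    [ "$val" -ge "$2" ]
}

# Constructed sample input (not a real server's dse.ldif). The second entry
# carries a decoy value to show that only cn=config is consulted.
write_sample_dse() {
    cat > "$1" <<EOF
dn: cn=config
cn: config
nsslapd-port: 389
nsslapd-minssf: $2

dn: cn=example,cn=plugins,cn=config
cn: example
nsslapd-minssf: 999
EOF
}

tmp=$(mktemp)
write_sample_dse "$tmp" 56
echo "nsslapd-minssf = $(minssf_from_dse "$tmp")"
if minssf_at_least "$tmp" 56; then echo "meets minimum"; else echo "below minimum"; fi
rm -f "$tmp"
```

On a real system the file to pass is the `/etc/dirsrv/slapd-DOMAIN/dse.ldif` named in the message, with DOMAIN replaced by the instance name.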

