On 2/15/11 6:52 AM, "Simo Sorce" <sso...@redhat.com> wrote:

>On Tue, 15 Feb 2011 15:19:50 +0100
>Pavel Zuna <pz...@redhat.com> wrote:
>> I can't reproduce this. :-/
>> For me it goes fine:
>> [root@ipadev tools]# ./ipa-nis-manage enable
>> Directory Manager password:
>> Enabling plugin
>> This setting will not take effect until you restart Directory Server.
>> The rpcbind service may need to be started.
>Jr has set the minimum ssf to a non default value to test a
>configuration in which all communications are required to be encrypted.
>That's why you can't reproduce with the vanilla configuration.
>We want to support that mode although it won't be the default, so we
>need to fix any issue that causes that configuration to break (ie all
>non-encrypted/non-ldapi connections).
>Simo Sorce * Red Hat, Inc * New York
>Freeipa-devel mailing list

The best way to do this is:

service ipa stop
Edit /etc/dirsrv/slapd-DOMAIN/dse.ldif

nsslapd-minssf: 0

nsslapd-minssf: 56 <- 56 is chosen because SASL communicates a 56bit
handshake even though we utilize a much strong cipher... (It is a known

service ipa start

Freeipa-devel mailing list

Reply via email to