I suspect it will be hard to make this argument to your Powers-That-Be, but a simple bind (even over TLS) is *LESS* secure than a SASL/kerberos bind. It's very sad that there is such widespread ignorance of how to really make things secure.
Perhaps a compromise solution would be to use SASL/Kerberos over TLS? If you're using the SASL security layer that's silly and inefficient, but it might be easier to deal with. On Jan 20, 2010, at 12:28 AM, Espen Martinsen wrote: > Hi, > This is actually a hardened AD w2k8 installation. They say this is because > they do not accept use of insecure protocols/cleartext auth's. > > They only allow a connection which uses SSL or TLS. > -- > This message posted from opensolaris.org ------------------------------------------------------ The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
