Markus,
Two reasons:
1) We are working towards turning off non-SSL access to our Sun LDAP
servers.
2) We ran into problems when talking to AD using Perl-LDAP/SASL
without SSL. IIRC, we couldn't do a password change over a non-SSL port
- AD spit back an error. Doing everything over SSL cleared up the problems.
But, yes, in most cases we could just use one or the other.
--Craig
Markus Moeller wrote:
Craig,
you say you use SASL + SSL. As far as I know SASL/GSSAPI can do encryption
too. What was the reason not to use SASL/GSSAPI with encryption. And example
is AD, which can be accessed via SASL/GSSAPI with encryption.
Thanks
Markus
"Craig Huckabee" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
Kent Wu wrote:
So my question is that is it pretty easy to enable Kerberos for SUN
LDAP after installing SEAM? Or can SUN LDAP use other KDC as well?
We use Sun's LDAP server with PADL's GSSAPI plugin - we built our copy
against MIT Kerberos 1.3.x and use MIT KDCs. I think the binary versions
they sold previously also use MIT Kerberos.
We now have several processes that regularly use only GSSAPI/SASL over
SSL to authenticate and communicate with LDAP. Works very well.
HTH,
Craig
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
