Kent, I used for example ldapsearch on a standard SuSE SLES 9 system with heimdal Kerberos, cyrus-sasl and openldap. On another system I compiled myself MIT Kerberos, cyrus-sasl and openldap. The capture of the ldapsearch was not readable text. Keep in mind you need the MS pac authorisation information in your Kerberos ticket, which means you have to authenticate to AD.
Regards Markus "Kent Wu" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Markus, > > I know SASL/GSSAPI can do encryption according to the document > however I tried a while back to enable the encryption against AD while > doing kerberos authentication in my C program but failed. Did you really > enable the encryption successfully in the program? If so then I must > have missing something then.... > > Thanks. > > -Kent > > On Thu, 2005-09-01 at 20:24 +0100, Markus Moeller wrote: >> Craig, >> >> you say you use SASL + SSL. As far as I know SASL/GSSAPI can do >> encryption >> too. What was the reason not to use SASL/GSSAPI with encryption. And >> example >> is AD, which can be accessed via SASL/GSSAPI with encryption. >> >> Thanks >> Markus >> >> "Craig Huckabee" <[EMAIL PROTECTED]> wrote in message >> news:[EMAIL PROTECTED] >> > Kent Wu wrote: >> >> >> >> So my question is that is it pretty easy to enable Kerberos for SUN >> >> LDAP after installing SEAM? Or can SUN LDAP use other KDC as well? >> > >> > We use Sun's LDAP server with PADL's GSSAPI plugin - we built our >> > copy >> > against MIT Kerberos 1.3.x and use MIT KDCs. I think the binary >> > versions >> > they sold previously also use MIT Kerberos. >> > >> > We now have several processes that regularly use only GSSAPI/SASL >> > over >> > SSL to authenticate and communicate with LDAP. Works very well. >> > >> > HTH, >> > Craig >> > >> > ________________________________________________ >> > Kerberos mailing list [email protected] >> > https://mailman.mit.edu/mailman/listinfo/kerberos >> > >> >> >> >> ________________________________________________ >> Kerberos mailing list [email protected] >> https://mailman.mit.edu/mailman/listinfo/kerberos > -- > Kent Wu <[EMAIL PROTECTED]> > XSIGO INC. > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
