Adams, Samuel D Contr AFRL/HEDR wrote: > > I have been tweaking my ACIs on my directory server, and I more or > less feel good about its security posture except for one thing, it is > still allowing unencrypted authentication. My clients are configured > to use TLS for authentication which is good, but if I turn off TLS on > the client, it still can authenticate which is bad. Assuming > everything is configured properly on the client, this works, but I > would feel better if my LDAP wouldn?t even let a client bind if it is > not using TLS. Can I do this through an ACI or some other setting on > the server? > No. There is no way to do this with Fedora DS. I suggest filing an enhancement request against Fedora Directory Server at http://bugzilla.redhat.com > > /*/Sam Adams/*/ > > General Dynamics - Information Technology > > Phone: 210.536.5945 > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060817/cdde30a3/attachment.bin
