The starttls function tells the application to negotiate an encrypted session.
Either SSL or TLS depends on the way the keys were generated.
With 'openssl ciphers -v ALL' you could check the options with which your openssl could generate keys. Look at the SSL version.

See: http://sial.org/howto/openssl/tls-name/

On 9/6/07, Harry Hoffman <hhoffman@xxxxxxxxxxxxxxxx> wrote:
> Ah, perhaps I was misunderstanding...
>
> I was thinking TLS, e.g. on port 389 and non-encrypted until a starttls
> was issued vs. SSL on port 636 where the encryption is constantly enabled.
>
> Cheers,
> Harry
>
> mups.cp wrote:
> > SSL = SSLv1 or SSLv2
> > TLS = SSLv3
> >
> > On 9/6/07, Harry Hoffman <hhoffman@xxxxxxxxxxxxxxxx> wrote:
> >> Hi,
> >>
> >> Thanks for reviewing.
> >>
> >> I'm on RHEL4 and was having all sorts of weird issues with using
> >> auth/authconfig.
> >>
> >> Does TLS == SSL for LDAP?
> >>
> >> Cheers,
> >> Harry
> >>
> >>
> >> mups.cp wrote:
> >>> The kickstart auth option allows setting most of the options you are
> >>> setting in %post.
> >>> http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Installation_Guide-en-US/s1-kickstart2-options.html
> >>> has all you need. Look for auth/authconfig
> >>>
> >>>
> >>>> %post
> >>>> # Setup LDAP
> >>>> #
> >>>> # equiv to running setup tool
> >>>> authconfig --kickstart --enableshadow --enablemd5 --enableldap
> >>>> --enableldapauth --ldapserver ldap.yourdomain.com --ldapbasedn
> >>>> dc=yourdomain,dc=com
> >>> Use this outside %post. Look at the link above.
> >>>
> >>>
> >>>> #
> >>>> # Turn SSL on in the config files
> >>>> perl -p -i -e 's/^ssl no/ssl on/g' /etc/ldap.conf
> >>>> echo "tls_cacertfile /etc/openldap/cacerts/cacert.asc" >> /etc/ldap.conf
> >>>> echo "URI ldaps://ldap.yourdomain.com" >> /etc/openldap/ldap.conf
> >>> Again, not necessary if using the above --enableldaptls.
> >>>
> >>>> #
> >>>> # Create a directory to hold our Cert Auth certificate
> >>>> mkdir -p /etc/openldap/cacerts
> >>>> # Download the CA certificate
> >>>> wget -O /etc/openldap/cacerts/cacert.asc http://INSTALL_SERVER/cacert.asc
> >>>> #
> >>> OK
> >>>
> >>>> # Have PAM autocreate home directories upon login
> >>>> echo "session required /lib/security/pam_mkhomedir.so skel=/etc/skel/
> >>>> umask=0077" >> /etc/pam.d/system-auth
> >>> This is useful only if users connect through ssh.
> >>> Through samba use root preexec to create the home dir automatically.
> >>> For Linux clients use autofs.
> >>>
> >>>> #
> >>>> # Ensure that local authorization is enough to get on the system
> >>>> # (i.e. root can login)
> >>>> perl -p -i -e 's/^USELOCAUTHORIZE=no/USELOCAUTHORIZE=yes/'
> >>>> /etc/sysconfig/authconfig
> >>> My system works without changing this.
> >>>
> >>> _______________________________________________
> >>> Kickstart-list mailing list
> >>> Kickstart-list@xxxxxxxxxx
> >>> https://www.redhat.com/mailman/listinfo/kickstart-list
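
Added example, not part of the original thread: a shell check for the client files the quoted %post script edits, reporting whether the configuration means StartTLS on port 389, LDAPS on port 636, or cleartext, and whether a CA is configured for verifying the server. The function names are hypothetical, and the `ssl start_tls` and `tls_checkpeer` keywords are assumed from nss_ldap/pam_ldap rather than taken from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes nss_ldap/pam_ldap keywords: "ssl on|no|start_tls",
# "tls_cacertfile", "tls_cacertdir", "tls_checkpeer", and "uri".

# ldap_transport FILE -> prints starttls | ldaps | cleartext | conflict
ldap_transport() {
    awk '
        /^[ \t]*#/ { next }                      # ignore comment lines
        { key = tolower($1) }
        key == "ssl" { ssl = tolower($2) }
        key == "uri" {                           # any ldaps:// URI means port-636 style TLS
            for (i = 2; i <= NF; i++)
                if (tolower($i) ~ /^ldaps:\/\//) ldaps = 1
        }
        END {
            if (ssl == "start_tls" && ldaps) print "conflict"   # StartTLS inside LDAPS
            else if (ssl == "start_tls")     print "starttls"   # upgrade on port 389
            else if (ssl == "on" || ldaps)   print "ldaps"      # TLS from the first byte
            else                             print "cleartext"  # binds cross the wire unencrypted
        }
    ' "$1"
}

# ldap_ca_configured FILE -> exit 0 only if a CA is named and peer checks are not disabled
ldap_ca_configured() {
    awk '
        /^[ \t]*#/ { next }
        { key = tolower($1) }
        key == "tls_cacertfile" || key == "tls_cacertdir" { ca = 1 }
        key == "tls_checkpeer" && tolower($2) == "no"     { nocheck = 1 }
        END { exit !(ca && !nocheck) }
    ' "$1"
}

# Constructed sample: /etc/ldap.conf as the thread's %post script would leave it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
host ldap.yourdomain.com
base dc=yourdomain,dc=com
ssl on
tls_cacertfile /etc/openldap/cacerts/cacert.asc
EOF
echo "transport: $(ldap_transport "$sample")"
ldap_ca_configured "$sample" && echo "CA trust: configured" || echo "CA trust: missing or disabled"
rm -f "$sample"
```

Run against both `/etc/ldap.conf` and `/etc/openldap/ldap.conf` at the end of %post, a result of `cleartext` or `conflict` flags a host that would otherwise send binds unencrypted or fail to connect.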