Re: LDAP authentication on a remote server (via ldaps://) [SOLVED]

Hello,
Please, I want help with a CentOS server. I can ping the gateway or my eth1 IP address, but I can't browse from
my server. Could you help me with the codes that will enable the network, because I've already configured
my iptables and it's showing me that everything is OK. Please help.
Thank you.
 
> Date: Wed, 6 Oct 2010 22:27:08 +0100
> From: miguelmedalha@xxxxxxx
> To: mbaudier@xxxxxxxxx
> CC: centos@xxxxxxxxxx
> Subject: Re: LDAP authentication on a remote server (via ldaps://) [SOLVED]
>
>
> >> Are you aware that SSL on port 636 is now considered deprecated in favor of
> >> START_TLS on port 389?
> > No, I'm not (I actually thought that it was the other way round)
> >
> > (...)
> >
> > What are the pro and cons of both approaches?
> >
> > Comments more than welcome
>
> You can, as an example, consult the Wikipedia article on LDAP. It states:
>
> ---------------------------------------------------
>
> StartTLS
>
> The StartTLS operation establishes Transport Layer Security (the
> descendant of SSL) on the connection. It can provide data
> confidentiality (to protect data from being observed by third parties)
> and/or data integrity protection (which protects the data from
> tampering). During TLS negotiation the server sends its X.509
> certificate to prove its identity. The client may also send a
> certificate to prove its identity. After doing so, the client may then
> use SASL/EXTERNAL. By using the SASL/EXTERNAL, the client requests the
> server derive its identity from credentials provided at a lower level
> (such as TLS). Though technically the server may use any identity
> information established at any lower level, typically the server will
> use the identity information established by TLS.
>
> Servers also often support the non-standard "LDAPS" ("Secure LDAP",
> commonly known as "LDAP over SSL") protocol on a separate port, by
> default 636. LDAPS differs from LDAP in two ways: 1) upon connect, the
> client and server establish TLS before any LDAP messages are transferred
> (without a StartTLS operation) and 2) the LDAPS connection must be
> closed upon TLS closure.
>
> LDAPS was used with LDAPv2, because the StartTLS operation had not yet
> been defined. The use of LDAPS is deprecated, and modern software should
> only use StartTLS.
>
> http://en.wikipedia.org/wiki/LDAP
>
> ---------------------------------------------------
>
> A quick search will provide plenty of articles about the subject.
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos