On Feb 14, 2012, at 5:46 PM, Fajar Priyanto wrote:
> Hi all,
> I'm setting up a local LDAP server with a pass-through authentication
> to another LDAP.
> I'm not clear about the encryption.
>
> Say the case is like this. CompB is set to have LDAP authentication.
> A ---> SSH ---> CompB ---> Local LDAP:389 ---> SASLAUTHD --> Global LDAP: 636
>
> 1. Password on the SSH session would be encrypted, isn't it?
----
ldaps (port 636) would indeed be encrypted but it is deprecated and not typically started by default configurations these days.
----
> 2. How about when it goes to the local LDAP:389, would it be encrypted?
----
depends upon whether TLS is indicated and/or required.
If you require it via an ACL on the LDAP server, then it succeeds only if the connection is made via TLS.
If you require it at the client (TLS_ReqCert demand or hard), then it succeeds only if the connection is made via TLS.
Craig
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
