Re: TLS authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Adams Samuel D Contr AFRL/HEDR wrote:


Anyway, should I worry about clients using the LDAP to authenticate
without TLS?
That really depends on your deployment - how sensitive would you be to someone having their credentials sniffed off the wire? How likely is it that someone will attempt a non-encrypted bind? YMMV. 


 Do I need to set my directory server such that users can
only authenticate only if they have TLS enabled?
By the time the bind code is evaluating whether a secure transport was used the credentials have already passed over the wire. If you are sensitive to this, then I would suggest you disable the non-secure port by setting its port # to zero, then the only way to attempt a bind is over the secure port using SSL. 

--
Pete

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux