Adams, Samuel D Contr AFRL/HEDR wrote:
No. There is no way to do this with Fedora DS. I suggest filing an enhancement request against Fedora Directory Server at http://bugzilla.redhat.comI have been tweaking my ACIs on my directory server, and I more or less feel good about its security posture except for one thing, it is still allowing unencrypted authentication. My clients are configured to use TLS for authentication which is good, but if I turn off TLS on the client, it still can authenticate which is bad. Assuming everything is configured properly on the client, this works, but I would feel better if my LDAP wouldn’t even let a client bind if it is not using TLS. Can I do this through an ACI or some other setting on the server?
/*/Sam Adams/*/ General Dynamics - Information Technology Phone: 210.536.5945 ------------------------------------------------------------------------ -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
