Kenneth Holter wrote:
Thank you for the quick reply. We're going for the TLS based solution. However, I'd like a better understanding of SASL, so let me post these questions:

* What can SASL be used for besides Kerberos integration?

The SASL mechanism Digest-MD5 is an LDAP standard authentication mechanism.

* The RHDS documentation says that TLS can be used as an authentication mechanism, but doesn't provide much detail.

You can use an X.509 user certificate (cert) to authenticate to the server. http://directory.fedoraproject.org/wiki/Howto:CertMapping

* How can I check if SASL is enabled on my LDAP server (RHDS)?

It is enabled by default.

ldapsearch -x -s base -b "" "objectclass=*" supportedsaslmechanisms
On 5/13/08, *David Boreham* <david_list@xxxxxxxxxxx> wrote:

Kenneth Holter wrote:

The DS supports both TLS and SASL. TLS can be used for both authentication and encryption, and should therefore cover our security needs. SASL is quite new to me, and as of now I don't see the benefit of using it. Which security or functionality features does SASL provide that TLS doesn't? I know that SASL enables integration with Kerberos, but we're most likely not going for a Kerberos based solution.

SASL is primarily needed to support Kerberos clients. Use TLS unless you already know that you want SASL for some reason.

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
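An added example, not part of the original messages: a POSIX shell script that takes the output of the root DSE query from the thread, lists the advertised SASL mechanisms, and reports any that fall outside an expected set. The function names, the sample LDIF and its mechanism list are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of the LDIF returned by the root DSE query quoted above.
# The mechanism list is illustrative; it shows a mixed-case attribute name
# and an LDIF folded line (continuation lines start with one space).
sample_rootdse() {
cat <<'EOF'
# constructed example output
dn:
supportedSASLMechanisms: EXTERNAL
supportedsaslmechanisms: DIGEST-MD5
supportedSASLMechanisms: GSS
 API
EOF
}

# Read LDIF on stdin; print each advertised mechanism once, uppercased.
sasl_mechs() {
  awk '
    function emit(line,   i, name, val) {
      i = index(line, ":")
      if (i == 0 || line ~ /^#/) return
      name = tolower(substr(line, 1, i - 1))
      val = substr(line, i + 1)
      sub(/^[ \t]+/, "", val)
      if (name == "supportedsaslmechanisms" && val != "") print toupper(val)
    }
    /^ / { cur = cur substr($0, 2); next }   # unfold continuation line
    { emit(cur); cur = $0 }
    END { emit(cur) }
  ' | sort -u
}

# Succeed if mechanism $1 is advertised (EXTERNAL is the TLS client
# certificate bind, GSSAPI is Kerberos).
has_mech() {
  sasl_mechs | grep -qxF "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')"
}

# Print advertised mechanisms that are not in the expected list "$@".
unexpected_mechs() {
  allowed=" $(printf '%s ' "$@" | tr '[:lower:]' '[:upper:]')"
  sasl_mechs | while read -r m; do
    case "$allowed" in *" $m "*) ;; *) printf '%s\n' "$m" ;; esac
  done
}

# Live use: ldapsearch -x -s base -b "" "objectclass=*" supportedsaslmechanisms | sasl_mechs
sample_rootdse | unexpected_mechs EXTERNAL GSSAPI   # prints DIGEST-MD5
```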