[Freeipa-devel] LDAP TLS issues

Simo Sorce ssorce at redhat.com
Fri Nov 9 22:41:09 UTC 2007


On Fri, 2007-11-09 at 17:09 -0500, John Dennis wrote:
> 
> 3) The DS Admin guide says you can also use GSSAPI for secure transport
> if you're using SASL. Well, I'm doing a GSSAPI SASL bind, does that mean
> I'm getting a secure transport in the process or do I have to enable
> that and if so how?

SASL/GSSAPI already provides (strong) encryption, you shouldn't need
TLS. It's either/or.

Anyway, why would you need to encrypt something in directory server?
When you search these attributes you will get them back in clear, the
encryption is useful only to protect the data in case someone steals the
disk and even then only if the secret is manually entered at start-up I
believe ...

Care to elaborate more?

Simo.



