[Freeipa-users] MinSSF suggestions?
Alexander Bokovoy
abokovoy at redhat.com
Mon Aug 11 14:18:03 UTC 2014
On Sat, 09 Aug 2014, Erinn Looney-Triggs wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA256
>
>It would seem to be prudent to set the minssf setting for 389 to 56,
>however I am wondering why this isn't done by default, and if there is
>any reason why I shouldn't do it?
Anonymous connection to LDAP wouldn't work. I think we use it for
rootdse access when enrolling IPA clients where we don't yet have a CA
certificate.
I may be wrong, though.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list