Thank you for the quick reply.

We're going for the TLS based solution. However, I'd like a better understanding of SASL, so let me post these questions:

What can SASL be used for besides Kerberos integration? The RHDS documentation says that TLS can be used as an authentication mechanism, but doesn't provide much details.
How can I check if SASL is enabled on my LDAP server (RHDS)?

On 5/13/08, David Boreham <david_list@boreham.org> wrote:

Kenneth Holter wrote:

The DS supports both TLS and SASL. TLS can be used for both authentication and encryption, and should therefore cover our security needs.
SASL is quite new to me, and as of now I don't see the benefit of using it. Which security or functionality features does SASL provide that TLS doesn't? I know that SASL enables integration with Kerberos, but we're most likely not going for a Kerberos based solution.

SASL is primarily needed to support Kerberos clients.
Use TLS unless you already know that you want SASL for some reason.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users