Kenneth Holter wrote:
Thank you for the quick reply.
We're going for the TLS based solution. However, I'd like a better
understanding of SASL, so let me post these questions:
* What can SASL be used for besides Kerberos integration?
The SASL mechanism Digest-MD5 is an LDAP standard authentication mechanism.
* The RHDS documentation says that TLS can be used as an
authentication mechanism, but doesn't provide much detail.
You can use an X.509 user certificate (cert) to authenticate to the
server.
http://directory.fedoraproject.org/wiki/Howto:CertMapping
* How can I check if SASL is enabled on my LDAP server (RHDS)?
It is enabled by default.
ldapsearch -x -s base -b "" "objectclass=*" supportedsaslmechanisms
On 5/13/08, David Boreham <david_list(a)boreham.org> wrote:
Kenneth Holter wrote:
The DS supports both TLS and SASL. TLS can be used for both
authentication and encryption, and should therefore cover our
security needs.
SASL is quite new to me, and as of now I don't see the
benefit of using it. Which security or functionality features
does SASL provide that TLS doesn't? I know that SASL enables
integration with Kerberos, but we're most likely not going for
a Kerberos based solution.
SASL is primarily needed to support Kerberos clients.
Use TLS unless you already know that you want SASL for some reason.
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
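As an added example (not part of the original thread), the root DSE query quoted above can be piped through a small filter that lists each advertised SASL mechanism and what it authenticates with, including EXTERNAL, which is how a TLS client certificate becomes the bind identity. The function names and the sample LDIF are constructed for illustration; the mechanism list is an assumption, not output from a real server.

```shell
#!/bin/sh
# Added example. Constructed sample of the LDIF a root DSE query returns;
# the mechanism list is illustrative, not taken from a real server.
sample_rootdse() {
cat <<'EOF'
dn:
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
supportedsaslmechanisms: GSSAPI
supportedSASLMechanisms: CRAM
 -MD5
EOF
}

# Read LDIF on stdin; print "<mechanism><TAB><what it authenticates with>".
sasl_mechs() {
    awk '
    function note(m) {
        if (m == "EXTERNAL")   return "identity taken from the TLS client certificate"
        if (m == "GSSAPI")     return "Kerberos ticket"
        if (m == "DIGEST-MD5") return "password, challenge-response"
        return "other mechanism"
    }
    function emit(   i, val) {
        i = index(buf, ":")
        if (i == 0) return
        # Attribute names are case-insensitive in LDAP.
        if (tolower(substr(buf, 1, i - 1)) != "supportedsaslmechanisms") return
        val = substr(buf, i + 1)
        sub(/^ +/, "", val)
        print val "\t" note(val)
    }
    # LDIF folds long lines: a continuation line starts with one space.
    /^ / { buf = buf substr($0, 2); next }
    { emit(); buf = $0 }
    END { emit() }
    '
}

# Live use (command from the thread):
#   ldapsearch -x -s base -b "" "objectclass=*" supportedsaslmechanisms | sasl_mechs
sample_rootdse | sasl_mechs
```

An empty result from a live server means no `supportedSASLMechanisms` values were returned to the anonymous bind used by `-x`.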