Re: [Freeipa-devel] LDAP TLS issues



On Fri, 2007-11-09 at 17:09 -0500, John Dennis wrote:
> 
> 3) The DS Admin guide says you can also use GSSAPI for secure transport
> if you're using SASL. Well, I'm doing a GSSAPI SASL bind, does that mean
> I'm getting a secure transport in the process or do I have to enable
> that and if so how?

SASL/GSSAPI already provides (strong) encryption, you shouldn't need TLS.
It's either/or.

Anyway, why would you need to encrypt something in directory server?
When you search these attributes you will get them back in clear, the
encryption is useful only to protect the data in case someone steals the
disk and even then only if the secret is manually entered at start-up I
believe ...

Care to elaborate more?

Simo.

