1 |
Benjamin Smee wrote: |
2 |
|
3 |
>heya, |
4 |
> |
5 |
>On Saturday 21 May 2005 15:35, Chris S wrote: |
6 |
> |
7 |
> |
8 |
>>Great, thank you very much for the answer. So SASL, in regard to LDAP, |
9 |
>>would be the security authentication layer and is a good thing to get |
10 |
>>working. I'll give it another go! |
11 |
>> |
12 |
>> |
13 |
> |
14 |
>Not necessarily. Like I said it depends on your security model. Personally I |
15 |
>use -x myself because I always use either tls or ssl ldap connections. This |
16 |
>way my password is encrypted at all times. Ofcourse if you were worried about |
17 |
>your password traversing the network at ALL then you could use the mechanisms |
18 |
>like cram / digest that make one time hashes and send that instead thus |
19 |
>mitigating the risk in that respect. Its about what fits your security |
20 |
>requirements more, for most people though, -x with tls / ssl is fine. |
21 |
> |
22 |
>b |
23 |
> |
24 |
> |
25 |
hmm, yes indeed. I did wonder why people wanted sasl when ldap was |
26 |
running over ssl. |
27 |
|
28 |
If I am using LDAP without SASL however, then I assume postfix, courier |
29 |
etc will not use SASL in their authentications either. |
30 |
|
31 |
this LDAP setup will be for an internet web, email etc server. I'll look |
32 |
into it further. |
33 |
|
34 |
thanks again. |
35 |
|
36 |
-c |
37 |
|
38 |
-- |
39 |
gentoo-server@g.o mailing list |