[30315] in Kerberos


Re: Using LDAP backend with start_tls

daemon@ATHENA.MIT.EDU (Mickael Marchand)
Thu Sep 18 11:17:42 2008

From: Mickael Marchand <mikmak@freenux.org>
Mime-Version: 1.0
Date: 18 Sep 2008 06:08:34 GMT
Message-ID: <48d1f062$0$10469$426a74cc@news.free.fr>
X-Complaints-To: abuse@proxad.net
To: kerberos@mit.edu
Content-Type: text/plain; charset="utf8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit

On 17-09-2008, Klaus Heinrich Kiwi <klausk@linux.vnet.ibm.com> wrote:
> Hi everyone,
>
>  I was wondering how can I use the LDAP backend over a TLS connection.
> Looking at the krb5.conf file man page, looks like there is no option
> covering this and I'm assuming that simply using ldaps:// as the
> ldap_servers URI will toggle SSL over port 636 instead of TLS at port
> 389.
>
> ldapi://socket will initiate a unix socket connection
> ldap://host will start an unsecured connection at port 389
> ldaps://host will start SSL through port 636
>
> Is there a way to START_TLS over port 389?
>
> Thanks,
>
>  -Klaus
>
Hi,
I have this setup with Heimdal and OpenLDAP and IIRC I checked the
source code and TLS was -not- used at all there :/
I did not care much since I use the same server for both, but this is
disturbing ...
Writing a patch for this in Heimdal should be pretty straightforward I
guess.
Cheers,
Mik
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
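
Added example, not part of the original thread and not Heimdal or MIT krb5 code: it maps the URI schemes listed in the question to their transport, builds the StartTLS extended request a client sends on port 389, and checks the server's reply so that a refusal fails closed instead of continuing in cleartext. The `start_tls` flag, the function names and the sample replies are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation OID (RFC 4511)
# Constructed sample server replies (not captured traffic): success(0), protocolError(2)
RESP_OK = bytes.fromhex("300c02010178070a010004000400")
RESP_REFUSED = bytes.fromhex("300c02010178070a010204000400")

def transport_for(uri, start_tls=False):
    """Classify a URI; start_tls is a hypothetical client option, not a krb5.conf key."""
    scheme = urlsplit(uri).scheme.lower()
    table = {"ldapi": ("unix socket", True),
             "ldaps": ("TLS from the first byte, port 636", True),
             "ldap": ("StartTLS upgrade, port 389", True) if start_tls
                     else ("cleartext, port 389", False)}
    if scheme not in table:
        raise ValueError("not an LDAP URI: " + uri)
    return table[scheme]  # (transport, protected from network eavesdropping)

def ber(tag, content):
    """Encode one BER TLV, short-form length only (content under 128 bytes)."""
    if len(content) > 127:
        raise ValueError("long-form length unsupported")
    return bytes([tag, len(content)]) + content

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the short-form TLV starting at pos."""
    if pos + 2 > len(buf) or buf[pos + 1] > 127 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("truncated or long-form TLV")
    end = pos + 2 + buf[pos + 1]
    return buf[pos], buf[pos + 2:end], end

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, [APPLICATION 23] ExtendedRequest { [0] OID } }."""
    return ber(0x30, ber(0x02, bytes([msg_id])) + ber(0x77, ber(0x80, STARTTLS_OID)))

def starttls_accepted(response, msg_id=1):
    """True only for an ExtendedResponse to msg_id with resultCode success(0)."""
    try:
        tag, body, _ = read_tlv(response)
        id_tag, mid, pos = read_tlv(body)
        op_tag, op, _ = read_tlv(body, pos)       # 0x78 = [APPLICATION 24]
        rc_tag, code, _ = read_tlv(op)            # 0x0A = ENUMERATED resultCode
    except ValueError:
        return False                              # malformed reply: fail closed
    return (tag == 0x30 and id_tag == 0x02 and int.from_bytes(mid, "big") == msg_id
            and op_tag == 0x78 and rc_tag == 0x0A and int.from_bytes(code, "big") == 0)
```

Only after `starttls_accepted` returns true does the client begin the TLS handshake on the same socket; any other result means the bind and the Kerberos database traffic must not be sent.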
