Re: openldap: SASL and/or TLS?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Craig White wrote:

>> What exactly is the relation between SASL and TLS?
>> Are they alternative methods of authentication,
>> or are they complementary in some way?
>> 
>> Presently I'm just using TLS.
>> 
>> Any illumination gratefully received.
> ----
> TLS is encryption method
> SASL is an authentication method

OK, thanks for responding yet again.
You've said that before,
but it seems to me that encryption necessarily involves,
or requires, authentication.

> with reference to all recent Fedora versions (6/7/8), the openldap admin
> guide is here...
> 
> http://www.openldap.org/doc/admin23/

I have been looking at that.
But I'll study it further.
 
> or more specifically (SASL)
> http://www.openldap.org/doc/admin23/sasl.html
> OpenLDAP clients and servers are capable of authenticating via the
> Simple Authentication and Security Layer (SASL) framework, which is
> detailed in RFC2222. This chapter describes how to make use of SASL in
> OpenLDAP.

Yes, I did see that.
But it wasn't clear to me if the openldap user
was actually being advised to use SASL.
As a matter of interest, do you advise it?

> and here...
> http://www.openldap.org/doc/admin23/tls.html
> OpenLDAP clients and servers are capable of using the Transport Layer
> Security (TLS) framework to provide integrity and confidentiality
> protections and to support LDAP authentication using the SASL EXTERNAL
> mechanism.

So it seems that this document at least
recommends the use of SASL + TLS?



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux