directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Quanah Gibson-Mount <qua...@zimbra.com>
Subject Re: Error when using ldapsearch with GSSAPI mechanism
Date Thu, 26 Aug 2010 04:46:57 GMT


--On August 25, 2010 8:38:01 PM +0200 Stefan Seelmann <seelmann@apache.org> 
wrote:

> Hi Amila,
>
>> aj@aj-laptop:~/development/Tools/LDAP$ saslpluginviewer | grep -i gssapi
>> ANONYMOUS LOGIN CRAM-MD5 DIGEST-MD5 GSSAPI PLAIN NTLM EXTERNAL
>> Plugin "gssapiv2" [loaded],     API version: 4
>>  SASL mechanism: GSSAPI, best SSF: 56, supports setpass: no
>> ANONYMOUS LOGIN CRAM-MD5 DIGEST-MD5 GSSAPI PLAIN NTLM EXTERNAL
>> Plugin "gssapiv2" [loaded],     API version: 4
>>  SASL mechanism: GSSAPI, best SSF: 56
>
> Please try to set SSF to 0 when using ldapsearch:
>   ldapsearch ... -Y GSSAPI -O "maxssf=0"

Why should that be required?  Encrypting the GSSAPI connection is generally 
desired much of the time...

--Quanah

-- 
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration


Mime
View raw message