
Re: Enforce the use of Kerberos for password checking?



[Andreas B. Mundt]
> I currently can't test, but perhaps we can increase the ssf to the old
> value again. This will block all connections from ldapi://. To again
> allow these local connections we need to set the ssf manually, as
> described in: 
> <URL:http://www.openldap.org/lists/openldap-technical/200906/msg00109.html>
> 
> From the slapd.conf man page:
> 
> localSSF <SSF>
>     Specifies the Security Strength Factor (SSF) to be given local
>     LDAP sessions, such as those to the ldapi:// listener. For a
>     description of SSF values, see sasl-secprops's minssf option
>     description. The default is 71.

I tried to set this to 0 or 1 and reinsert the security line, but
Kerberos failed to start and LDAP refused the KDC's attempts to log in.
No idea why.  Perhaps bind_ssf overrides localssf?  Perhaps some
combination works, but I have not found it yet. :/

Happy hacking,
-- 
Petter Reinholdtsen

