Re: Enforce the user of Kerberos for password checking?
[Andreas B. Mundt]
> I currently can't test, but perhaps we can increase the ssf to the old
> value again. This will block all connections from ldapi://. To again
> allow these local connections we need to set the ssf manually, as
> described in:
> <URL:http://www.openldap.org/lists/openldap-technical/200906/msg00109.html>
>
> From the slapd.conf man page:
>
> localSSF <SSF>
> Specifies the Security Strength Factor (SSF) to be given local
> LDAP sessions, such as those to the ldapi:// listener. For a
> description of SSF values, see sasl-secprops's minssf option
> description. The default is 71.
I tried to set this to 0 or 1 and reinsert the security line, but
Kerberos failed to start and LDAP refused the KDC's tries to log in.
No idea why. Perhaps bind_ssf overrides localssf? Perhaps some
combination works, but I have not found it yet. :/
Happy hacking,
--
Petter Reinholdtsen