7 Jun
2007
7 Jun
'07
2:03 p.m.
Full_Name: Quanah Gibson-Mount Version: 2.3.35 OS: NA URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (71.202.148.128)
I was playing with SASL connections on an TLS encrypted connection, and noticed the SSF displayed is not correct in the SASL part.
Jun 7 12:51:27 ldap-dev1 slapd[11858]: conn=4494 fd=29 TLS established tls_ssf=256 ssf=256 Jun 7 12:51:27 ldap-dev1 slapd[11858]: conn=4494 op=4 BIND dn="uid=quanah,cn=accounts,dc=stanford,dc=edu" mech=GSSAPI ssf=56
I believe that the second line above should really display "sasl_ssf=56", or probably even better, "sasl_ssf=56 ssf=256", similar to how the first line has "tls_ssf=256 ssf=256", so that it is clear that there are different security factors in play here.
--Quanah