Hi to all,
when I connect to openldap, with simple-bind I see:
-----------
mech=SIMPLE bind_ssf=0 ssf=256
-----------
When I connect to openldap with GSSAPI I see:
-----------
mech=GSSAPI bind_ssf=56 ssf=256
-----------
So I uses strong-bind via GSSAPI
there is no place where I can find anything about "bind_ssf". So what
ist bind_ssf stands for?
I only found:
transport_ssf=<n>
tls_ssf=<n>
sasl_ssf=<n>
Another strange thing (to me ;-) )
The openldap admin guide is telling me:
----------------
The server uses Security Strength Factors (SSF) to indicate the relative
strength of protection. A SSF of zero (0) indicates no protections are
in place. A SSF of one (1) indicates integrity protection are in place.
A SSF greater than one (>1) roughly correlates to the effective
encryption key length. For example, DES is 56, 3DES is 112, and AES 128,
192, or 256.
----------------
in my kdc.conf I have:
---------------
supported_enctypes = aes256-cts-hmac-sha1-96:normal
aes128-cts-hmac-sha1-96:normal
---------------
So no DES with a key-length of 56 is defined. Same when I look at the
key from my user I'm using to connect. The infos about the user is
telling me in kadmin
----------------
Key: vno 1, aes256-cts-hmac-sha1-96
Key: vno 1, aes128-cts-hmac-sha1-96
----------------
So why is the log telling me ssf=56?
Stefan