--On Friday, September 29, 2017 1:07 PM -0400 Robert Heller heller@deepsoft.com wrote:

> At Fri, 29 Sep 2017 10:47:48 -0400 brendan kearney bpk678@gmail.com wrote:
>
>> SASL is a "glue" between LDAP and Kerberos, that translates an identity established through Kerberos AuthN to an LDAP Distinguished Name (among other possible uses). When communications between Kerberos and LDAP happen, SASL also provides encryption.
>>
>> I have set up Kerberos, SASL, OpenLDAP and SSSD all on Fedora and it all works. I don't have to muck with SSL/TLS and the different implementations with their specific nuances.
>
> Don't you still need an SSL Certificate? That is, SSL/TLS is still there someplace?

No.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
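
The identity translation described in the thread (Kerberos principal to LDAP Distinguished Name), sketched as an added example that is not part of the original messages or of OpenLDAP's code. It models in simplified form how a GSSAPI bind yields an authentication DN that `authz-regexp`-style rules rewrite into a directory DN; the realm, user names, directory layout and rules are constructed assumptions.

```python
import re

# Constructed rules in the style of slapd's authz-regexp directive:
# (search pattern, replacement). Tried in order; the first match wins.
AUTHZ_RULES = [
    (r"uid=([^,/]+)/admin,cn=example\.com,cn=gssapi,cn=auth",
     r"uid=\1,ou=admins,dc=example,dc=com"),
    (r"uid=([^,/]+),cn=example\.com,cn=gssapi,cn=auth",
     r"uid=\1,ou=people,dc=example,dc=com"),
]

# Conservative principal syntax (an assumption of this example):
# primary[/instance]@REALM with no DN metacharacters such as ',' or '='.
PRINCIPAL_RE = re.compile(
    r"([A-Za-z0-9._-]+(?:/[A-Za-z0-9._-]+)?)@([A-Za-z0-9.-]+)")


def principal_to_authn_dn(principal):
    """Build the SASL authentication DN for a GSSAPI-authenticated principal."""
    m = PRINCIPAL_RE.fullmatch(principal)
    if m is None:
        # Refuse anything that could smuggle extra RDNs into the DN.
        raise ValueError("unsupported principal syntax: %r" % principal)
    name, realm = m.groups()
    # Simplified normalization: lower-case the name and realm.
    return "uid=%s,cn=%s,cn=gssapi,cn=auth" % (name.lower(), realm.lower())


def map_to_directory_dn(authn_dn):
    """Return the directory DN for an authentication DN, or None if unmapped."""
    for pattern, replacement in AUTHZ_RULES:
        m = re.fullmatch(pattern, authn_dn)
        if m:
            return m.expand(replacement)
    return None  # no rule matched: the identity stays outside the directory tree


def resolve(principal):
    """Kerberos principal -> directory DN (None when no rule applies)."""
    return map_to_directory_dn(principal_to_authn_dn(principal))


if __name__ == "__main__":
    for p in ("alice@EXAMPLE.COM", "alice/admin@EXAMPLE.COM", "bob@OTHER.REALM"):
        print(p, "->", resolve(p))
```
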