Hi to all,
when I connect to openldap, with simple-bind I see: ----------- mech=SIMPLE bind_ssf=0 ssf=256 ----------- When I connect to openldap with GSSAPI I see: ----------- mech=GSSAPI bind_ssf=56 ssf=256 ----------- So I uses strong-bind via GSSAPI
there is no place where I can find anything about "bind_ssf". So what ist bind_ssf stands for? I only found: transport_ssf=<n> tls_ssf=<n> sasl_ssf=<n>
Another strange thing (to me ;-) ) The openldap admin guide is telling me: ---------------- The server uses Security Strength Factors (SSF) to indicate the relative strength of protection. A SSF of zero (0) indicates no protections are in place. A SSF of one (1) indicates integrity protection are in place. A SSF greater than one (>1) roughly correlates to the effective encryption key length. For example, DES is 56, 3DES is 112, and AES 128, 192, or 256. ----------------
in my kdc.conf I have: --------------- supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal --------------- So no DES with a key-length of 56 is defined. Same when I look at the key from my user I'm using to connect. The infos about the user is telling me in kadmin ---------------- Key: vno 1, aes256-cts-hmac-sha1-96 Key: vno 1, aes128-cts-hmac-sha1-96 ---------------- So why is the log telling me ssf=56?
Stefan