At Fri, 29 Sep 2017 10:47:48 -0400 brendan kearney <bpk678(a)gmail.com&gt; wrote: > > > SASL is a "glue" between LDAP and Kerberos, that translates an identity > established through Kerberos AuthN to an LDAP Distinguished Name (among > other possible uses). When communications between Kerberos and LDAP > happen, SASL also provides encryption. > > I have setup Kerberos, SASL, OpenLDAP and SSSD all on Fedora and it all > works. I dont have to muck with SSL/TLS and the different > implementations with their specific nuances. Don't you still need a SSL Certificate? That is, SSL/TLS is still there someplace?