Re: Preferred authentication mechanism - LDAPS or startTLS | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] | |
start tls is an extended operation. Your ldap server may not support it. With start TLS part of the conversion happens unencrypted. On Wed, Apr 9, 2008 at 6:37 PM, Michael Ströder <michael@xxxxxxxxxxxx> wrote: > Chun Tat David Chu wrote: > > > > > I'm currently looking into LDAP authentication and would like to know > about what is the preferred authentication mechanism. If I want to use TLS > for authentication, should I use LDAPS or startTLS? > > > > Both are not client authentication mechs if you don't use client > certificates. In most deployments the SSL/TLS protocol provides server > authentication and an encrypted data communication channel. > > > > > I surfed on the Internet, and it appears that startTLS should be > deprecating LDAPS but a lot of people are still using LDAPS today. > > > > I'd simply support both. LDAPS has the advantage that you can really > mandate that the client must successfully establish an encrypted channel > *before* sending any LDAP PDU with possibly confidential information. > > Ciao, Michael. > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
[Fedora Directory Devel] [Fedora Announce] [Fedora Legacy Announce] [Home] [Fedora Tools] [Kernel] [Fedora Legacy] [Share Photos] [Fedora Desktop] [PAM] [Red Hat Watch] [Red Hat Development] [Red Hat 9 Bible] [Red Hat 9] [Big List of Linux Books] [Gimp] [Yosemite News]