"Markus Moeller" <[email protected]> writes: > I wonder if someone can point me to a way to achieve an ldaps connection > to Active Directory with Kerberos (or GSSAPI ).
> SASL/GSSAPI seems broken and nobody seems to mind. Well, I do this all the time to our Active Directory server, so I know it works. Our experience is that you have to use TLS (which you appear to be doing), and you need to specify minssf=0 and maxssf=0 because Active Directory doesn't support a SASL privacy layer when TLS is in use. But it shouldn't require anything beyond that. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
