On Tue, Jul 30, 2013 at 3:07 PM, Dmitri Pal <d...@redhat.com> wrote:

> And as you see all the binds were using a negotiated method.
> I wonder if the policy can be tuned to allow only Kerberos negotiated
> binds. IMO this would be optimal.
>

There is no Group Policy that can enforce a specific type of bind that I'm
aware. While secure binds are always supported, there is only a toggle
between "require secure binds" and "allow secure binds." I don't think
there is any other tuning available.

I think there is something to be said for still requiring SSL despite the
fact that binds are encrypted with the keytab as it helps mitigate
man-in-the-middle attacks.

-Chris
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users

Reply via email to