On Tue, Jul 30, 2013 at 3:07 PM, Dmitri Pal <d...@redhat.com> wrote: > And as you see all the binds were using a negotiated method. > I wonder if the policy can be tuned to allow only Kerberos negotiated > binds. IMO this would be optimal. >
There is no Group Policy that can enforce a specific type of bind that I'm aware. While secure binds are always supported, there is only a toggle between "require secure binds" and "allow secure binds." I don't think there is any other tuning available. I think there is something to be said for still requiring SSL despite the fact that binds are encrypted with the keytab as it helps mitigate man-in-the-middle attacks. -Chris
_______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users