Chapter 12. Managing SASL

12.1. Authentication Mechanisms
12.2. SASL Identity Mapping
12.3. Configuring SASL Identity Mapping from the Console
12.4. Configuring SASL Identity Mapping from the Command-Line
12.5. Configuring Kerberos
12.5.1. Realms
12.5.2. Configuring the KDC Server
12.5.3. Example: Configuring an Example KDC Server
12.5.4. Configuring SASL Authentication at Directory Server Startup

Red Hat Directory Server supports LDAP client authentication through the Simple Authentication and Security Layer (SASL), an alternative to TLS/SSL and a native way for some applications to share information securely.

Directory Server supports SASL authentication using the DIGEST-MD5 and GSS-API mechanisms, allowing Kerberos tickets to authenticate sessions and encrypt data. This chapter describes how to use SASL with Directory Server.

SASL is a framework: it allows different mechanisms to be used to authenticate a user to the server, depending on which mechanisms are enabled in both the client and the server application.

SASL can also set up a security layer for an encrypted session. Directory Server utilizes the GSS-API mechanism to encrypt data during sessions.

NOTE

SASL data encryption is not supported for client connections that use TLS/SSL.
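The following sketch illustrates how a client can pick a mechanism that both sides have enabled, and how the note above affects whether a SASL security layer is requested. It is an added example, not code from Red Hat or Directory Server; the root DSE output, the preference order and the function names are assumptions made for illustration.

```python
# Constructed sample of a root DSE search result in LDIF form
# (not captured from a real server).
ROOT_DSE_LDIF = """\
dn:
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: GSSAPI
"""

# Client policy (assumption): most preferred first. "GSSAPI" is the
# registered SASL name of the GSS-API (Kerberos) mechanism.
CLIENT_PREFERENCE = ("GSSAPI", "DIGEST-MD5")


def server_mechanisms(ldif):
    """Collect the supportedSASLMechanisms values from a root DSE entry."""
    mechs = set()
    for line in ldif.splitlines():
        attr, sep, value = line.partition(":")
        if sep and attr.strip().lower() == "supportedsaslmechanisms":
            mechs.add(value.strip().upper())
    return mechs


def choose_mechanism(ldif, preference=CLIENT_PREFERENCE, over_tls=False):
    """Return (mechanism, request_sasl_encryption); raise if none is shared."""
    offered = server_mechanisms(ldif)
    for mech in preference:
        if mech in offered:
            # Following the chapter: Directory Server encrypts through GSS-API,
            # and SASL encryption is not supported on TLS/SSL connections.
            encrypt = (mech == "GSSAPI") and not over_tls
            return mech, encrypt
    # Fail closed instead of falling back to a mechanism outside the policy.
    raise ValueError("no acceptable SASL mechanism; server offers %s"
                     % sorted(offered))


if __name__ == "__main__":
    print(choose_mechanism(ROOT_DSE_LDIF))
    print(choose_mechanism(ROOT_DSE_LDIF, over_tls=True))
```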


Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.