Red Hat Directory Server 7.1 Deployment Manual: Securing Connections with SSL and Start TLS; Securing Connections with SASL


Securing Connections with SSL and Start TLS

After designing your authentication scheme for identified users and your access
control scheme for protecting information in your directory, you need to design a
way to protect the confidentiality and integrity of the information passed between
servers and client applications.
To provide secure communications over the network, you can run the LDAP
protocol over the Secure Sockets Layer (SSL). Directory Server can accept
SSL-secured connections and non-SSL connections simultaneously, on separate
ports. Additionally, Directory Server supports Start TLS, an LDAP extended
operation by which a client that has connected on the regular (non-SSL) LDAP
port asks to upgrade that connection to Transport Layer Security (TLS) before
it sends anything sensitive. In both cases the client should verify the server's
certificate: an unverified connection encrypts the traffic but does not prove
which server the client is talking to.
The cipher used on a given SSL/TLS connection is negotiated between the client
application and Directory Server from the cipher suites both have enabled; the
suites available in this release include the RC2 and RC4 ciphers from RSA. Both
are considered weak by current standards, so enable only the strongest suites
your clients support. SSL/TLS can also be used in conjunction with CRAM-MD5, a
SASL challenge-response mechanism in which the client proves knowledge of its
password by returning an HMAC-MD5 of a server-supplied challenge, so the
password itself never crosses the wire. CRAM-MD5 authenticates the client; it
does not protect the integrity of the data exchanged afterwards, which is the
job of the TLS layer.
For information about enabling SSL or using Start TLS, refer to the Red Hat
Directory Server Administrator's Guide.
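The Start TLS upgrade described above, shown at the wire level as an added example (not code from Directory Server or this manual): it encodes the LDAP ExtendedRequest that carries the Start TLS OID, parses the server's ExtendedResponse, and only then wraps the socket in TLS with certificate and host name verification. The two response byte strings are constructed captures; the host name, CA file, and the assumption that the short reply arrives in a single recv() are the example's own.

```python
"""Wire-level LDAP Start TLS exchange (RFC 4511 extended operation).

Added example, not code from the Directory Server product. The request is
hand-encoded in BER so the exchange can be inspected without a server; the
two server responses at the bottom are constructed captures.
"""
import ssl

START_TLS_OID = "1.3.6.1.4.1.1466.20037"
TAG_EXTENDED_REQUEST = 0x77   # [APPLICATION 23], constructed
TAG_EXTENDED_RESPONSE = 0x78  # [APPLICATION 24], constructed
TAG_RESPONSE_NAME = 0x8A      # responseName [10], primitive

def ber_len(n: int) -> bytes:
    """Definite-form BER length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(content)) + content

def ber_int(value: int) -> bytes:
    """Minimal two's-complement INTEGER content octets."""
    n = 1
    while not -(1 << (8 * n - 1)) <= value < (1 << (8 * n - 1)):
        n += 1
    return value.to_bytes(n, "big", signed=True)

def build_start_tls_request(message_id: int) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest { requestName [0] = Start TLS OID } }."""
    request_name = tlv(0x80, START_TLS_OID.encode("ascii"))     # requestName [0], no requestValue
    ext_req = tlv(TAG_EXTENDED_REQUEST, request_name)
    return tlv(0x30, tlv(0x02, ber_int(message_id)) + ext_req)  # SEQUENCE { INTEGER, ... }

def read_tlv(buf: bytes, pos: int = 0):
    """Decode the element at buf[pos]; return (tag, content, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: next (length & 0x7F) octets hold it
        width = length & 0x7F
        length = int.from_bytes(buf[pos:pos + width], "big")
        pos += width
    return tag, buf[pos:pos + length], pos + length

def parse_extended_response(data: bytes) -> dict:
    """Decode LDAPMessage { messageID, ExtendedResponse { LDAPResult, responseName? } }."""
    tag, message, _ = read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = read_tlv(message)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, body, _ = read_tlv(message, pos)
    if tag != TAG_EXTENDED_RESPONSE:
        raise ValueError(f"expected ExtendedResponse, got tag 0x{tag:02x}")
    _, code, pos = read_tlv(body)            # resultCode        ENUMERATED
    _, matched, pos = read_tlv(body, pos)    # matchedDN         LDAPDN
    _, diag, pos = read_tlv(body, pos)       # diagnosticMessage LDAPString
    result = {"message_id": int.from_bytes(mid, "big", signed=True),
              "result_code": int.from_bytes(code, "big"),
              "matched_dn": matched.decode("utf-8"),
              "diagnostic": diag.decode("utf-8"),
              "response_name": None}
    while pos < len(body):                   # optional referral, responseName, responseValue
        tag, value, pos = read_tlv(body, pos)
        if tag == TAG_RESPONSE_NAME:
            result["response_name"] = value.decode("ascii")
    return result

def start_tls_accepted(raw_response: bytes, expected_id: int) -> bool:
    """True only for resultCode success (0) in the reply to our own message ID."""
    resp = parse_extended_response(raw_response)
    return resp["message_id"] == expected_id and resp["result_code"] == 0

def start_tls(sock, server_hostname: str, cafile: str) -> ssl.SSLSocket:
    """Upgrade an open plaintext LDAP socket (port 389) to TLS, or raise.

    A client that falls back to a plaintext bind after a refused Start TLS hands
    its password to whoever blocked the upgrade, so refusal is fatal here.
    Assumes the short response arrives in a single recv() (example simplification).
    """
    sock.sendall(build_start_tls_request(1))
    raw = sock.recv(4096)
    if not start_tls_accepted(raw, expected_id=1):
        raise ConnectionError(f"Start TLS refused: {parse_extended_response(raw)}")
    ctx = ssl.create_default_context(cafile=cafile)  # CA that issued the server certificate
    ctx.check_hostname = True                         # certificate name must match the server
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx.wrap_socket(sock, server_hostname=server_hostname)

# Constructed captures of a server's two answers to message ID 1: success, and
# resultCode 52 (unavailable) carrying a diagnostic message.
RESPONSE_SUCCESS = bytes.fromhex("30 0c 02 01 01 78 07 0a 01 00 04 00 04 00")
RESPONSE_REFUSED = bytes.fromhex("30 1d 02 01 01 78 18 0a 01 34 04 00 04 11") + b"TLS not available"
```

The refusal path matters as much as the success path: a client that treats a failed Start TLS as "proceed in the clear" can be downgraded by anyone able to drop or answer the request, and the simple bind that follows then carries the password in plaintext. Whatever the server is configured to require, the client should refuse to send credentials until the upgrade has succeeded and the certificate has been checked.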

Securing Connections with SASL

As an alternative to SSL, Directory Server supports LDAP client authentication,
and for some mechanisms session encryption, through the Simple Authentication
and Security Layer (SASL). For some UNIX applications and platforms, SASL is the
native method of securing the exchange of information.
SASL is a security framework rather than a single mechanism: the server
advertises the authentication mechanisms it has enabled, and a client
authenticates with whichever of those it also supports. Some mechanisms can
additionally negotiate a security layer that protects the rest of the session.
Directory Server uses the GSSAPI mechanism for this purpose: UNIX LDAP clients
authenticate to the server with Kerberos version 5 credentials, and the
negotiated GSS-API security layer can then encrypt the data exchanged during
the session.
NOTE
SASL data encryption is not supported for client connections that
use SSL/TLS.
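How a SASL mechanism gets picked, and what one of them actually does, as an added example that is not code from Directory Server or this manual. It walks a CRAM-MD5 bind (the mechanism mentioned in the SSL section above) from the server's challenge to the client's HMAC-MD5 response and the server's check, which makes concrete the difference between authenticating the client and protecting the session. The mechanism lists, host names and password store are constructed for the example; the known-answer challenge, user and secret are the ones printed in RFC 2195.

```python
"""SASL mechanism selection and a CRAM-MD5 (RFC 2195) round trip.

Added example, not code from Directory Server. Mechanism lists, host names
and the password store are constructed; the known-answer values are the
ones given in RFC 2195.
"""
import hashlib
import hmac
import os
import time

# Mechanisms the server has enabled, in its order of preference (constructed).
SERVER_MECHANISMS = ["GSSAPI", "DIGEST-MD5", "CRAM-MD5", "PLAIN"]
# Secrets the server holds (constructed store). CRAM-MD5 needs each password in
# recoverable form, which is the mechanism's main operational weakness.
PASSWORD_STORE = {"tim": "tanstaaftanstaaf"}
# Known-answer values from RFC 2195, section 2.
RFC2195_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
RFC2195_RESPONSE = b"tim b913a602c7eda7a495b4e6e7334d3890"

def choose_mechanism(server_mechs, client_mechs):
    """Server-preferred mechanism that the client also has enabled, or None."""
    return next((m for m in server_mechs if m in client_mechs), None)

def make_challenge(hostname: str = "ldap.example.com") -> bytes:
    """RFC 2195 challenge: '<' unique-string '@' host '>', fresh for every bind."""
    return f"<{os.getpid()}.{int(time.time())}@{hostname}>".encode("ascii")

def cram_md5_response(username: str, password: str, challenge: bytes) -> bytes:
    """Client side: 'user SP hex(HMAC-MD5(password, challenge))'. The password itself never leaves the client."""
    digest = hmac.new(password.encode("utf-8"), challenge, hashlib.md5).hexdigest()
    return f"{username} {digest}".encode("ascii")

def verify_cram_md5(response: bytes, challenge: bytes, store: dict):
    """Server side: recompute the MAC for the claimed user; return the user name or None."""
    try:
        user, digest = response.decode("ascii").split(" ", 1)
    except (UnicodeDecodeError, ValueError):
        return None
    secret = store.get(user)
    # Unknown user and wrong password take the same code path and a constant-time compare.
    expected = hmac.new((secret or "").encode("utf-8"), challenge, hashlib.md5).hexdigest()
    if secret is not None and hmac.compare_digest(expected, digest):
        return user
    return None

def sasl_bind(client_mechs, username: str, password: str, store: dict = PASSWORD_STORE):
    """One bind: negotiate a mechanism, then run CRAM-MD5 if that is what was chosen.

    Returns (mechanism, authenticated user). Other mechanisms are out of scope
    here and yield (mechanism, None).
    """
    mech = choose_mechanism(SERVER_MECHANISMS, client_mechs)
    if mech != "CRAM-MD5":
        return mech, None
    challenge = make_challenge()
    response = cram_md5_response(username, password, challenge)   # what the wire carries
    return mech, verify_cram_md5(response, challenge, store)

def rfc2195_known_answer() -> bool:
    """The RFC's own test vector reproduces exactly."""
    return cram_md5_response("tim", "tanstaaftanstaaf", RFC2195_CHALLENGE) == RFC2195_RESPONSE

def replay_is_rejected(username: str, password: str, store: dict = PASSWORD_STORE) -> bool:
    """A response captured from one bind is useless against the next challenge."""
    captured = cram_md5_response(username, password, make_challenge("a.example.com"))
    return verify_cram_md5(captured, make_challenge("b.example.com"), store) is None
```

Two caveats a deployment should weigh. CRAM-MD5 requires the server to hold each password in recoverable form, unlike a simple bind checked against a one-way password hash, and it establishes no security layer, so everything after the bind travels exactly as sent unless the connection is already under SSL/TLS or a mechanism with a security layer (GSSAPI) is used instead. Given that, prefer GSSAPI, or a bind over an SSL/TLS connection, and treat CRAM-MD5 as a legacy option.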
Chapter 8, Designing a Secure Directory, page 185
