Re: LDAP signing and encryption
- From: "NickvW" <me@xxxxxxxxxxx>
- Date: Wed, 15 Mar 2006 16:22:24 -0000
That makes sense since the KB articles also talk about what happens when the
admin tools use NTLM.
Thanks Joe.
Nick
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:%237Xyz16RGHA.440@xxxxxxxxxxxxxxxxxxxxxxx
They are probably talking about Kerberos-based signing and sealing, not
SSL. Microsoft supports signing and sealing for RPC protocols that use
SSPI for authentication. Since SSPI is supported for authentication with
LDAP, they probably just added the flags to enable this behavior.
You can also get signing/sealing behavior with SSL if you have deployed
certs to your DCs, but that is not a built-in feature.
Joe K.
"NickvW" <me@xxxxxxxxxxx> wrote in message
news:%23DlrKY6RGHA.5468@xxxxxxxxxxxxxxxxxxxxxxx
I understand that the AD admin tools in Server 2003 sign and encrypt LDAP
traffic.
Do the tools negotiate an SSL session with the DC and if so where do the
certificates and private keys come from?
Will this work in a non-PKI environment? If so, what signing and
encryption protocols are used?
Nick
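
Added example (not part of the original posts): a way to tell from captured traffic which of the protections discussed in this thread an LDAP connection is using. It assumes the SSPI bind runs as an LDAP SASL bind, so signed or sealed traffic is framed by the SASL security layer, and it only decodes the RFC 4121 Kerberos Wrap token; other token formats are reported as `sasl-wrapped`. The function names and sample bytes are constructed for illustration.

```python
import struct

def classify_ldap_payload(data: bytes) -> str:
    """Classify the first bytes of one TCP payload captured on an LDAP port."""
    if len(data) < 6:
        return "unknown"
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    # An unprotected LDAPMessage is a BER SEQUENCE, so it starts with tag 0x30.
    if data[0] == 0x30:
        return "cleartext-ldap"
    # SASL security layer (RFC 4422): 4-byte big-endian length, then the
    # wrapped buffer. Realistic lengths keep the first byte at 0x00.
    (length,) = struct.unpack(">I", data[:4])
    if data[0] != 0x00 or length == 0:
        return "unknown"
    token = data[4:]
    # RFC 4121 Wrap token: TOK_ID 05 04, then a flags byte; 0x02 = Sealed.
    if len(token) >= 3 and token[:2] == b"\x05\x04":
        return "sasl-sealed" if token[2] & 0x02 else "sasl-signed"
    return "sasl-wrapped"

def build_wrapped_sample(flags: int) -> bytes:
    """Build a constructed SASL buffer holding an RFC 4121 Wrap token header."""
    token = bytes([0x05, 0x04, flags, 0xFF]) + bytes(4) + (1).to_bytes(8, "big")
    token += b"\xaa" * 16  # constructed stand-in for payload and checksum
    return struct.pack(">I", len(token)) + token

# Constructed sample payloads (not captured from a real network).
SAMPLES = {
    "tls client hello": bytes.fromhex("160301002f010000"),
    "anonymous simple bind": bytes.fromhex("300c020101600702010304008000"),
    "kerberos signed": build_wrapped_sample(0x04),
    "kerberos sealed": build_wrapped_sample(0x06),
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:24} -> {classify_ldap_payload(payload)}")
```
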