ad-assurance - [AD-Assurance] RE: Encryption with LDAP signing

Subject: Meeting the InCommon Assurance profile criteria using Active Directory

List archive

[AD-Assurance] RE: Encryption with LDAP signing

From: "Rank, Mark" <>
To: "" <>
Subject: [AD-Assurance] RE: Encryption with LDAP signing
Date: Fri, 13 Sep 2013 17:17:53 +0000
Accept-language: en-US

Folks...

Sorry ... I had to bail on the call about half way through ... something came up.

Regards,

Mark

--------------------------------------------------

Mark Rank
Project Manager - Identity & Access Mgt

UCSF Information Technology Services (ITS)
email:

phn:414-331-1476

--------------------------------------------------

From: [] on behalf of Ron Thielen []
Sent: Friday, September 13, 2013 9:53 AM
To:
Subject: [AD-Assurance] RE: Encryption with LDAP signing

Here’s the SANS article on securing DC LDAP with SSL.

http://www.sans.org/reading-room/whitepapers/protocols/ssl-secure-ldap-traffic-microsoft-domain-controllers-33784?show=ssl-secure-ldap-traffic-microsoft-domain-controllers-33784&cat=protocols

Ron

From: [mailto:] On Behalf Of Michael W. Brogan
Sent: Friday, September 13, 2013 11:50 AM
To:
Subject: [AD-Assurance] Encryption with LDAP signing

This thread says that LDAP signing sets the security flags ADS_USE_SIGNING & ADS_USE_SEALING:

http://social.technet.microsoft.com/Forums/en-US/249c0aab-9640-496b-94d1-ecf6021ac0b9/sign-and-encrypt-ldap-traffic

This article says that ADS_USE_SEALING uses Kerberos for encryption:

http://msdn.microsoft.com/en-us/library/aa772247.aspx

Michael W. Brogan

Technical Lead, Identity and Access Management

UW Information Technology, University of Washington

206-685-7521

[AD-Assurance] Encryption with LDAP signing, Michael W. Brogan, 09/13/2013
- [AD-Assurance] RE: Encryption with LDAP signing, Ron Thielen, 09/13/2013
  - [AD-Assurance] RE: Encryption with LDAP signing, Rank, Mark, 09/13/2013

List archive

[AD-Assurance] RE: Encryption with LDAP signing