Red Hat 8.1 User Manual


Table 6.7. Description of CRAM-MD5 Mechanism Options

Option: mech=CRAM-MD5
Required or Optional: Required
Description: Gives the SASL mechanism.
Example: -o "mech=CRAM-MD5"

Option: authid=authid_value
Required or Optional: Required
Description: Gives the ID used to authenticate to the server. authid_value can be the following:
  - UID. For example, msmith.
  - u: uid. For example, u: msmith.
  - dn: dn_value. For example, dn: uid=msmith,ou=People,o=example.com.
Example: -o "authid=dn:uid=jsmith, ou=People, dc=example, dc=com"

Option: secprop=value
Required or Optional: Optional
Description: The secprop attribute sets the security properties for the connection. The secprop value can be any of the following:
  - None
  - noplain — Do not permit mechanisms susceptible to simple passive attack.
  - noactive — Do not permit mechanisms susceptible to active attacks.
  - nodict — Do not permit mechanisms susceptible to passive dictionary attacks.
  - forwardsec — Require forward secrecy.
  - passcred — Attempt to pass client credentials.
  - noanonymous — Do not permit mechanisms that allow anonymous access.
  - minssf — Require a minimum security strength; this option needs a numeric value specifying bits of encryption. A value of -1 means integrity is provided without privacy.
  - maxssf — Require a maximum security strength; this option needs a numeric value specifying bits of encryption. A value of -1 means integrity is provided without privacy.
  - maxbufsize — Set the maximum receive buffer size the client will accept when using integrity or privacy settings.
Example: -o "secprop=noplain,minssf=1,maxbufsize=512"
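
An added example, not taken from the Red Hat manual: a Python check that parses a secprop string built from the property names in Table 6.7 and reports malformed entries before the string is passed to a command with -o. The function names, the case-insensitive matching, the minssf/maxssf consistency check and the baseline policy (noplain plus noanonymous) are assumptions made for this example.

```python
# Property names come from Table 6.7; every check below is an assumption of
# this example, not documented behaviour of the Directory Server tools.
FLAGS = {"none", "noplain", "noactive", "nodict", "forwardsec",
         "passcred", "noanonymous"}
NUMERIC = {"minssf", "maxssf", "maxbufsize"}


def parse_secprop(option):
    """Parse text such as 'secprop=noplain,minssf=1,maxbufsize=512'.

    Returns (flags, numbers, problems); problems is empty when the string
    uses only known properties with well-formed values."""
    flags, numbers, problems = set(), {}, []
    name, sep, value = option.strip().strip('"').partition("=")
    if name != "secprop" or not sep:
        return flags, numbers, ["not a secprop option: %r" % option]
    for item in (part.strip() for part in value.split(",")):
        key, has_value, raw = item.partition("=")
        key = key.lower()  # assumption: names are matched case-insensitively
        if key in FLAGS and not has_value:
            flags.add(key)
        elif key in NUMERIC:
            try:
                numbers[key] = int(raw)
            except ValueError:
                problems.append("%s needs a numeric value, got %r" % (key, raw))
        else:
            problems.append("unknown or malformed property: %r" % item)
    if "none" in flags and (len(flags) > 1 or numbers):
        problems.append("'none' combined with other properties")
    if ("minssf" in numbers and "maxssf" in numbers
            and numbers["minssf"] > numbers["maxssf"]):
        problems.append("minssf is greater than maxssf")
    return flags, numbers, problems


def missing_restrictions(flags, required=("noplain", "noanonymous")):
    """List restrictions from a hypothetical local baseline that are not set."""
    return [name for name in required if name not in flags]


if __name__ == "__main__":
    # Constructed sample: the example string from the table.
    flags, numbers, problems = parse_secprop(
        'secprop=noplain,minssf=1,maxbufsize=512')
    print(sorted(flags), numbers, problems, missing_restrictions(flags))
```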

Red Hat Directory Server 8.1 Configuration and Command Reference
