Active Directory Connector - Authentication Type (SASL)

Which IIQ version are you inquiring about?

Version 8.3

Share all details related to your problem, including any error messages you may have received.

Hi Community! I’m hoping that you may be able to help run out a question I have regarding the Active Directory connector for which I can’t seem to be able to find a definitive answer on Compass. The Active Directory Direct connector has a setting that defines the Authentication and Security, there are two options (Simple and SASL). In order to specify the use of SASL you have to uncheck the TLS checkbox. From what I understand SASL will be used for Authentication, but once Authenticated will the traffic between the IIQ Connector and the AD Domain Controller be encrypted? Real Case: We connect to AD to create a new account. 99% of the data used for creating the account is “public”, however we set an initial password. If there is someone using a packet sniffer like Wireshark, will they be able to see that password sent in the clear, or when using SASL, is 100% of the traffic encrypted for the duration of the communication between the IIQ connector and AD until a disconnect? From what I’ve read regarding SASL it introduces the use of Kerberos for Authentication, but then once authenticated the remainder of the communication between the connector and AD is not encrypted?

Hi Kevin! I got this answer from our AD team!

Communicating with Active Directory over SASL using Kerberos is encrypted, and as a result, credentials and other sensitive communication details cannot be viewed or intercepted using Wireshark. The encryption mechanisms provided by Kerberos ensure that the data remains secure and confidential.

Thank you

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.