Table 6-7 Description of CRAM-MD5 mechanism options (continued)

Required Option

Description

Example

or

 

 

optional

 

 

The secprop attribute sets the security properties for the connection. The secprop value can be any of the following:

None

noplain

Do not permit mechanisms susceptible to simple passive attack.

noactive

Do not permit mechanisms susceptible to active attacks.

nodict

Do not permit mechanisms susceptible to passive dictionary attacks.

forwardsec

Require forward secrecy.

passcred

Attempt to pass client credentials.

noanonymous

Do not permit mechanisms that allow anonymous access.

minssf

Require a minimum security strength; this option needs a numeric value specifying bits of encryption. A value of -1means integrity is provided without privacy.

maxssf

Require a maximum security strength; this option needs a numeric value specifying bits of encryption. A value of -1means integrity is provided without privacy.

196 Command-line utilities

Page 196
Image 196
HP UX Identity Security Software manual Description of CRAM-MD5 mechanism options, Require forward secrecy