From MAC OSX 10.6 Workstation Security Technical Implementation Guide
Part of OSX00124-LDAPv3 Block man-in-the-middle attacks
Associated with IA controls: ECCT-1, ECCT-2
To prevent LDAPv3 man-in-the middle attacks the system must be properly configured.
Open Finder. Click the Hard Drive icon. Double Click System. Double Click Library. Double Click CoreServices. Double Click Directory Utility. Click the Show Advanced Options button. Click Services tab. Click the Lock and enter the password to unlock the options (if needed). Click the LDAPv3 service. Click the Pencil icon. Highlight the Server Name/Configuration Name. Click Edit. Click on Security tab and verify the "Block man-in-the-middle attacks (requires Kerberos)" is checked. If the value is not checked, this is a finding.
Open Finder. Click the Hard Drive icon. Double Click System. Double Click Library. Double Click CoreServices. Double Click Directory Utility. Click the Show Advanced Options button. Click Services tab. Click the Lock and enter the password to unlock the options (if needed). Click the LDAPv3 service. Click the Pencil icon. Highlight the Server Name/Configuration Name. Click Edit. Click the Security tab and select "Block man-in-the-middle attacks (requires Kerberos)".
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer