[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: client authentication using TLS/SASL (ITS#865)

To: openldap-its@OpenLDAP.org
Subject: Re: client authentication using TLS/SASL (ITS#865)
From: Kurt@OpenLDAP.org
Date: Wed, 1 Nov 2000 21:07:38 GMT

At 07:54 PM 11/1/00 +0000, Olaf Schlüter wrote:
>There seems also some work remaining on the server side. Following your 
>hint, I fixed cyrus.c to set a authid.

I have changes in HEAD which should fix the client side.
Please test.

As far as the 2.0 server goes, slapd doesn't support SASL proxying.
You should not specify an authorization identity.  That is, don't
use -X.  slapd will derive an authorization identity from the
TLS authentication identity.  It likely will be quite ugly,
but would should be able to specify ACL which grant desired
access.

There is experimental proxying support in HEAD as well as
identity mapping features.  See devel list archives for details.

Kurt

Next by Date: inheritance of matching rules (ITS#868)
Index(es):
- Chronological
- Thread