RE: proxy authentication



At 05:36 PM 2002-06-16, Howard Chu wrote:
>> -----Original Message-----
>> From: owner-openldap-devel@OpenLDAP.org
>> [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Kurt D. Zeilenga
> 
>> This is basically the same as passing through the SASL
>> bind request/responses EXCEPT the authenticating server
>> knows it is doing so for the middle box and hence can prepare
>> a response which can be relayed to the end client.
>> 
>> (This could be done with bind+controls instead of an exop).
>
>Yes, this will work.

It may work even with mechanisms which have MITM and like
features (digest-uri) if the middlebox and authenticating
server cooperate.  That's what the controls are for, to
pass information about the middlebox to the authenticating
server so it can create responses which the end client
will accept.

Kurt
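
The digest-uri point above, as an added example that is not part of the original thread or of OpenLDAP: a Python sketch of the RFC 2831 DIGEST-MD5 computation (qop=auth, no authzid) showing that a relayed response is rejected by an authenticating server that only accepts its own digest-uri, and accepted once it is told which middlebox it is answering for. The `middlebox_uri` parameter, the host names and the credentials are constructed assumptions; the thread does not define the control's contents.

```python
import hashlib
import hmac

def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def _digest(prefix, user, realm, password, nonce, cnonce, nc, digest_uri):
    # RFC 2831, qop=auth: A1 embeds the raw 16-byte H(user:realm:password).
    a1 = _md5(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"{prefix}:{digest_uri}".encode()  # digest-uri is bound into the hash
    kd = f"{_md5(a1).hex()}:{nonce}:{nc}:{cnonce}:auth:{_md5(a2).hex()}"
    return _md5(kd.encode()).hex()

def client_response(**f):
    return _digest("AUTHENTICATE", **f)

def server_rspauth(**f):
    # Value the end client checks for mutual auth; here A2 is ":" + digest-uri.
    return _digest("", **f)

def authenticate(fields, response, password, own_uri, middlebox_uri=None):
    """Authenticating server. middlebox_uri is a hypothetical stand-in for the
    information a control would carry about the middlebox."""
    allowed = {own_uri} | ({middlebox_uri} if middlebox_uri else set())
    if fields["digest_uri"] not in allowed:
        return None  # response was made for a service this server is not
    expected = client_response(password=password, **fields)
    if not hmac.compare_digest(expected, response):
        return None
    return server_rspauth(password=password, **fields)

# Constructed sample exchange: the end client addresses the proxy, not the server.
FIELDS = dict(user="alice", realm="example.com", nonce="n0nce", cnonce="cn0nce",
              nc="00000001", digest_uri="ldap/proxy.example.com")
PASSWORD = "secret"
RESPONSE = client_response(password=PASSWORD, **FIELDS)

def demo():
    own = "ldap/auth.example.com"
    blind = authenticate(FIELDS, RESPONSE, PASSWORD, own)  # plain pass-through
    aware = authenticate(FIELDS, RESPONSE, PASSWORD, own,
                         middlebox_uri="ldap/proxy.example.com")
    return blind, aware

if __name__ == "__main__":
    print(demo())
```
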