[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL External : certificates stored in LDAP

To: OpenLDAP Devel <openldap-devel@OpenLDAP.org>
Subject: Re: SASL External : certificates stored in LDAP
From: Mitrana Cristian <cmitrana@xnet.ro>
Date: Tue, 18 Mar 2003 09:43:39 -0200
Content-disposition: inline
In-reply-to: <1047908550.9280.35.camel@linux-integ>
References: <1047908550.9280.35.camel@linux-integ>
User-agent: Mutt/1.5.3i

* Francois Beretti <francois.beretti@enatel.com> [17-03-03 11:42]:
 
> Hello all
> 
> is it planned[/possible] in future developpement to let the
> SASL/EXTERNAL mecanism directly work with user certificates stored in
> the OpenLDAP directory, instead of having them stored in the user
> filesystem ?
> 
> or is it better to keep this concept off of the mecanism ? : if somebody
> wants it, he must make his own client that will first retrieve the
> userCertificate anonymously before starting an authenticated
> communication
> 

 I think this idea is plain wrong. If the cert will be stored in the
DIT, what kind of authentication is that ? Every bind operation that
request a SASL/EXTERNAL will be auth'ed based on the cert, i.e. every
client that knows a DN which auhtenticates with SASL/EXTERNAL and 
has the cert stored on the server will can authenticate as the DN.
 Doesn't this defeat the purpose of the authentication ?
 Correct my if I'm wrong, just my 2cents.

regards,
mitu

Follow-Ups:
- Re: SASL External : certificates stored in LDAP
  - From: Michael Ströder <michael@stroeder.com>
- Re: SASL External : certificates stored in LDAP
  - From: Francois Beretti <francois.beretti@enatel.com>

References:
- SASL External : certificates stored in LDAP
  - From: Francois Beretti <francois.beretti@enatel.com>

Prev by Date: RE: back-bdb future
Next by Date: Re: SASL External : certificates stored in LDAP
Index(es):
- Chronological
- Thread