[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: TLS client certificate pb
tor, 2003-03-06 kl. 09:32 skrev Dieter Kluenter:
> > SASL External is simply wire encryption (either ssl or tls). Client
> > certificates are not needed for it.
>
> No, here you are wrong, External is a SASL mechanism for authentication.
>
> Just write a saslRegexp to match your CN and you can use certificates
> to authenticate. Here ist the output of my certificate
> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.--
> ieter@marin:/usr/local/bin> ./ldapsearch -Y EXTERNAL -ZZ -b "cn=connections,cn=monitor" -s base
> SASL/EXTERNAL authentication started
> SASL username: Email=dieter@xxxxx,CN=Dieter Kluenter\2Cou=partner\2Cou=users\2Co=avci\2Cc=de,OU=ldapclient,O=avci,L=Hamburg,ST=Germany,C=DE
> SASL SSF: 0
> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
Thanks Dieter - I got it mixed up with SASL plain. Since then I've been
following the threads, read rfcs 2251 and 2222 etc; in fact, a couple of
days older and wiser.
Best,
Tony
--
Tony Earnshaw
All the world is mad, exceptin thee and me
and even thee's a little queer
e-post: tonni@billy.demon.nl
www: http://www.billy.demon.nl